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DETAILS OF NEXT MICROSOFT OS REVEALED 



BY DAVID WORTHINGTON 

Microsoft is incubating a compo- 
nentized non- Windows operating 
system known as Midori, which is 
being architected from the 
ground up to tackle challenges 
that Redmond has determined 
cannot be met by simply evolving 
its existing technology, ^^^^h 

SD Times has 
viewed internal Micro- 
soft documents that 
outline Midori's pro- i^i^i^™ 
posed design, which is Internet- 
centric and predicated on the 
prevalence of connected systems. 

Midori is an offshoot of 
Microsoft Research's Singularity 
operating system, the tools and 
libraries of which are completely 
managed code. Midori is 
designed to run directly on native 
hardware (x86, x64 and ARM), be 
hosted on the Windows Hyper-V 
hypervisor, or even be hosted by 



a Windows process. 

According to published 

reports, Eric Rudder, senior vice 

president for technical strategy 

at Microsoft and an alumnus of 

Bill Gates' technical staff, is 

heading up the effort. Rudder 

served as senior vice president of 

^^^^^^^^^^ Microsoft's Servers and 

SEE MORE Tools group until 2005. 

COVERAGE A Microsoft spokesper- 

ON PAGE 6 son refused comment. 

"That's sounds pos- 



sible — I've heard rumors to the 
effect that he [Rudder] had an 
OS project in place," said Rob 
Helm, director of research at 
Directions on Microsoft. He not- 
ed that it is quite possible that 
the project is just exploratory, 
but conceivably a step above 
what Microsoft Research does. 

No timeframe for develop- 
ment has been set for Midori, 
which Microsoft technical fellow 



Burton Smith says is a research 
project. A spokesperson added 
that Midori is one of many incu- 
bation projects across Microsoft 
Research. 

One of Microsoft's goals is to 
provide options for Midori appli- 
cations to co-exist with and inter- 
operate with existing Windows 
applications, as well as to provide 
a migration path . 

Building Midori from the 
ground up to be connected 
underscores how much comput- 
ing has changed since Microsoft's 
engineers first designed Win- 
dows; there was no Internet as 
we understand it today, the PC 
was the user's sole device and 
concurrency was a research topic. 

Today, users move across mul- 
tiple devices, consume and share 
resources remotely, and the appli- 
cations that they use are a corn- 
continued on page 22 ► 





MIDORI PEEKS OUT OF ITS SHELL 

BY DAVID WORTHINGTON 

At the risk of undercutting one of its core product lines, Microsoft 
is carefully conceptualizing a way to move millions of users away 
from the existing Windows codebase and onto Midori, a legacy-free 
operating system that it is currently incubating in its skunk works. 

SD Times has viewed internal Microsoft documents that reveal 
the company's preference of an orderly replacement strategy 
rather than breaking sharply with its past. 

The company is acutely aware that Windows is installed on the 
majority of the world's computers and has a broad legacy of appli- 
cations and devices — one that carries with it a lot of value. 

But heritage comes at a price: Evolving Windows to meet new 
opportunities is a costly proposition. "Legacy support is a huge 
anchor on Windows," remarked Larry O'Brien, an independent 
analyst and consultant who writes the Windows & .NET Watch 
column for SD Times. 

According to the documents, continued on page 6 ► 



IBM bid for Hog a smart move, say analysts 



BY ROBERT MULLINS 

Industry watchers say IBM got a 
great deal when it made a bid for 
business rules management sys- 
tems software company Hog, but 
note that IBM's rivals may also 
be shopping for such deals. 

IBM has offerd to pay about 
€10 (US$15.51) per share of Hog, 
for a total of €215 million ($333 
million) in a transaction 
described as "concurrent cash 
public tender offers." Hog is 
headquartered in Paris but also 
has offices in Sunnyvale, Calif., 
and its stock trades on the Nas- 
daq and Euronext exchanges. I 





HL 




Jean Francois Abramatic, chief 
product officer for Hog. 



IBM's offer amounts to about 
a 37% premium over Hog's July 
25 closing price of €7.32 ($11.35). 



The exact acquisition price will 
depend on the exchange rate 
when the deal is settled. 

Business rules management 
(BRM) is a relatively small mar- 
ket — $500 million by a Forrester 
Research estimate — but increas- 
ingly important as large compa- 
nies seek to improve their busi- 
ness process management 
(BPM) systems to keep up with 
changes in business conditions. 

IBM's likely acquisition of Hog 
is intended to bolster its own posi- 
tion in the BPM and SOA soft- 
ware markets, the company's 
continued on page 20 ► 



Developers can tinker 
with Sun's JavaFX SDK 



BY ROBERT MULLINS 

Sun Microsystems has released a 
preview software development 
for its JavaFX platform for creat- 
ing rich Internet applications, 
which the company sees compet- 
ing against Adobe's Flex and 
Microsoft's Silverlight. 

Sun argues it will have a head 
start into the RIA-building mar- 
ket thanks to an army of 6 million 
Java developers and Java running 
on 2 billion phones and 85% of 
the world's desktop computers. 

The JavaFX Preview Release 



SDK includes access to a library 
of Java APIs; a set of tutorials; 
examples of RIAs that can be cre- 
ated with JavaFX; plug-ins to 
Sun's NetBeans 6.1 integrated 
development environment; and 
sample code to let developers tin- 
ker around writing application 
prototypes, said Jacob Lehrbaum, 
senior product line manager for 
JavaFX, at Sun. 

The SDK preview is avail- 
able for free at www.javafx.com. 

Also included is a feature Sun 
continued on page 18 ► 
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Concurrency work happens in parallel 

Languages, libraries, runtimes must change for developers to exploit hardware 



BY DAVID WORTHINGTON 

Microsoft has embarked on a 
cross-company effort to transi- 
tion to parallel computing. In 
that mission, it will attempt to 
soften the impact of those 
changes on developers. 

Several groups within 
Microsoft are working on new 
technologies for multicore 
hardware architecture and con- 
current computing scenarios, 
such as cloud computing. 

The company's developer 
division, the Robotics Group 
and an incubation group direct- 
ed by chief research and strate- 
gy officer Craig Mundie are 
among those participating in 
that effort. SD Times inter- 
viewed the executives from 
those groups to learn more 
about their work. 

The goal of the developer 
division is to make concurrency 
easy for developers, said Lynne 
Hill, general manager of the 
divisions parallel programming 
group. 

Its initial work revolves 
around creating a concurrency 
runtime that operates on top of 
Windows, as well as adding 
extensions and libraries to exist- 
ing .NET programming lan- 
guages. These create a common 
scheduling framework for 
developers. 

The division released in 
June a community technology 
preview (tinyurl.com/6ys2zd) of 
the Parallel FX library, which 
includes Parallel Language 
Integrated Query (PLINQ), a 
concurrent query execution 
engine for LINQ and Task Par- 
allel Library (TPL), which pro- 
vides parallel extensions for the 
.NET Framework. 

Hill explained that this per- 
mits developers to inject paral- 
lelism into applications using 
models that they are already 
familiar with, but noted that 
developers should recognize 
when a particular problem 
might lend itself to parallelism. 

Microsoft's long-term inten- 
tion is to integrate extensions for 
parallelism into .NET languages, 
she said. "The advantage of start- 
ing out with a library is to gather 
feedback; it makes modifications 
easier," she added. 

The company's research labs 
are investigating new languages 
that are purposed for paral- 
lelism, including a functional 



language called F#. Hill noted 
that each developer can have a 
different requirement from a 
language, and that one lan- 
guage alone is not sufficient. 

"Most of the problem is not 
the OS. Most of the activity lays 
in programming lines and imple- 
mentations of those languages," 
commented Microsoft technical 
fellow Burton Smith. "The major 
changes visible to people will be 
in languages and the [resulting] 
implementations." 

These languages and 
libraries will have correspond- 
ing tools, including some that 
integrate into Visual Studio, 
offering different views with 
drill-down capabilities, Hill 
said. Other tools will help devel- 
opers profile and locate bottle- 
necks that affect applications 
running on a single machine. 

The Microsoft Robotics 
Group is taking a more ambi- 
tious approach to concurrency: 
its technologies scale across 
machines. "We are a bit more 
radical," admitted Microsoft's 
Tandy Trower, the general man- 
ager of the group. 

Indeed, even its role in the 
concurrency mission is some- 
thing more radical than it 
would seem. Trower explained 
that his group was an incuba- 
tion established by Mundie to 
address the complexity of soft- 
ware development for multi- 
core, distributed processing 
and the complexity of running 
applications that run in many 
places at the same time. 

Like the appendages of a 
robot, the components that 
make up those types of applica- 
tions must be coordinated and 
isolated; there must be a uni- 
fied way to deal with failure, 
Trower explained. 

Isolating a component, 
Smith noted, means that vari- 
ous parts of a parallel computa- 
tion, such as data access, are 
walled off from each other. 

The Robotics Group's main 
result to date has been the 
Microsoft Robotics Developer 
Studio, which consists of the 
Concurrency and Coordination 
Runtime (CCR) and a distrib- 
uted runtime called Decentral- 
ized Software Services (DSS). 

Put simply, CCR coordi- 
nates components and transac- 
tions, and its companion DSS 
scales out across networks, or 




'We are a bit more 
radical ... We are not 
a migration strategy' 

— Tandy Trower, General Manager, 
Microsoft Robotics 



down in the case of robots, 
pushing SOA to tiny devices, 
Trower said. 

But DSS is not just for 
robots: MySpace uses it in com- 
bination with CCR to coordi- 
nate transactions across its serv- 
er farms, as well as for load 
balancing and failure handling. 
Indiana University uses it to 
coordinate a high-performance 
computing network of multi- 
core machines on the Bloom- 
ington campus. 

DSS uses URIs to represent 
components in a representa- 
tional state transfer architec- 
ture that keeps components 
deeply isolated, Trower said. 
Components send operations to 
a real-time transport document, 
which in turn forwards the 
updates. 

The document is human- 
readable, as well as machine- 
readable for publish-and-sub- 
scribe, to enable asynchronous 
messaging. 

"We are not a migration 
strategy," said Trower, noting 
that the Robotics Group 
requires its own developers to 
rethink the fundamentals of 
application architecture. 

Trower wrote in a follow up 
e-mail that the developer divi- 
sion might adopt CCR and inte- 
grate it with its parallel comput- 
ing efforts, because it "closely 
aligned with the initial libraries 
that were already under devel- 
opment (TPL and PLINQ)" and 
focuses on local parallelism. 

But he noted that DSS' docu- 
ment-based distribution engine 
was not yet a candidate, because 
Microsoft already offers a dis- 
tributed SOA offering in Win- 
dows Communication Founda- 
tion (WCF). "WCF provides an 




extensive model for program- 
ming services," Trower added, 
but defining how DSS — being a 
partner library that scales CCR 
across network devices — would 
fit into WCF's services model 
"requires a bit more thought in 
terms of integration." 

DSS is fairly simple in com- 
parison to WCF, with only 
about 12 general operations on 
a document to represent state, 
and lacks some of WCF's more 
sophisticated functions such as 
transaction handling, he noted. 

The work of Microsoft dis- 
tinguished engineer John Man- 
ferdelli is even more arcane 
than that of the Robotics 
Group. He is Mundie's general 
manager of incubation and is 
responsible for creating new 
operating system technologies. 

Some of Manferdelli's work 
may seem mundane, such as 
creating math libraries to sup- 
port parallel computation. His 
other work — inventing future 
operating system technologies 
that may ship through product 
groups — is more revolutionary. 

He explained that one 
Microsoft objective is to create 
an operating system that scales 
performance whenever an 
additional CPU is added to the 
block, without requiring pro- 
gramming changes. But Man- 
ferdelli is also investigating dis- 
tributed parallelism. 

"All OSes in the future need 
to think very carefully about 
asynchronous programming," he 
said. He predicted that most 
future operating systems will 
have specialized APIs to handle 
concurrency, and, depending 
upon how radical their design, 
could implement new non-ker- 
nel mode scheduling. This would 



be accomplished by developing 
entirely new systems, or by rely- 
ing upon runtimes. 

As first reported by SD 
Times, Microsoft is incubating 
an operating system referred to 
as Midori, designed with an 
asynchronous-only architec- 
ture. Midori's focus would be 
on task concurrency and paral- 
lel use of local and distributed 
resources, with help from a dis- 
tributed component-based and 
data-driven application model, 
and dynamic management of 
power and other resources. 

One area of study is the 
latency of messages in parallel 
environments. In cloud com- 
puting, software decomposes 
into services that send messages 
to one another, explained 
Smith. "Messages are sent 
between subcomponents, 

either locally or in a distributed 
way." Parallel computing can go 
a long way to accommodate 
latency in the cloud, he added. 

Manferdelli also discussed 
ideas for isolating operating sys- 
tems by way of a hypervisor lay- 
er, assigning them identities 
and sharing information 
between them just as applica- 
tions do today. 

Indeed, Microsoft has no 
deficit of ideas about how to 
handle concurrency, as demon- 
strated by the seemingly inde- 
pendent nature of its projects. 
But in the end, there will be 
some consensus. 

"There has to be conver- 
gence," Trower observed. "It's 
logical to assume that some- 
where down the road, if Midori 
becomes a deliverable, 
[Microsoft] will have some con- 
solidation and unification of 
models." I 



NEWS 



Software Development Times . August 15, 2008 . 



www.sdtimes.com 



Yahoo negotiates agreement with dissident investor 

Icahn's proxy contest over, but the board is still on the hot seat 



BY DAVID WORTHINGTON 

It's Armistice Day at Yahoo, as 
the company has negotiated a 
settlement with activist share- 
holder Carl Icahn that grants 
Icahn three seats on its board of 
directors, marking an end to his 
campaign for a proxy contest. 

On July 21, Yahoo 
announced that it has reached 
an agreement with Icahn ahead 
of the company's annual gener- 
al meeting on Aug. 1. Under 
the terms of the agreement, the 
board will be expanded from 
eight to 11 members, with 
three new members represent- 
ing the insurgents; one of these 
seats is reserved for Icahn him- 
self, and his nominees for the 
remaining pair are subject to 
the approval of the board's 
Nominating and Governance 
Committee. 

Directors Ronald Burkle, 
Eric Hippeau, Vyomesh Joshi, 
Arthur Kern, Mary Agnes 
Wilderotter, Gary Wilson and 
Jerry Yang are standing for 
reelection at the meeting. 
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Disident Yahoo investor Carl 
Icahn gets a seat on the board. 



Director Robert Kotick's seat 
up is for grabs; he will not be 
seeking re-election. 

Jonathan Miller, currently a 
partner in Velocity Interactive 
Group and former Chairman 
and CEO of AOL, is also in the 
running for one of Icahn's seats, 
according to Yahoo. 

Icahn, who owns approxi- 
mately 5% of Yahoo's common 
stock, agreed in return to with- 
draw his hostile slate of names 



for consideration at the annual 
meeting and to vote for the 
board's nominees at the Aug. 1 
shareholders' meeting. 

Prior to the settlement, 
Icahn had assembled a dissi- 
dent shareholder dream team 
that included former Universal 
Studios executive Frank Biondi, 
Nextel founder John Chappie, 
Dallas Mavericks and HDNet 
owner Mark Cuban, mutual 
fund manager Brian Posner, 
and New Line Cinema co- 
chairman and co-CEO Robert 
Shaye. 

The dissent arose from the 
perceived failure of Yahoo's 
management to negotiate a 
transaction with Microsoft, 
which began its attempt to 
acquire Yahoo with an unsolicit- 
ed US$44.6 billion takeover bid 
in late January. 

During the course of negoti- 
ations, Microsoft offered to raise 
its initial $44.6 billion bid by $5 
billion to $33 per share, but that 
increase was not enough to satis- 
fy Yahoo's leadership. Microsoft 



eventually walked away from the 
buyout, and by April, CEO 
Steve Ballmer was threatening 
to oust Yahoo's board. 

Ballmer was thwarted by 
what he considered to be a lack 
of substantive progress toward 
a transaction, as well as by 
Yahoo's decision to embark on a 
strategic advertising partner- 
ship with Google. 

In June, Yahoo claimed that 
Microsoft had abandoned its 
campaign to acquire Yahoo as a 
whole, and ruled out selling its 
search business, in a separate 
transaction. 

A month later, it came to light 
that Icahn was conducting back- 
channel discussions with 
Microsoft. Icahn's announce- 
ment of plans to replace Yahoo's 
current board of directors with 
people open to selling the com- 
pany to Microsoft was endorsed 
by Ballmer, who said he was will- 
ing to do business with Icahn. 

Icahn continues to advocate 
for the sale of the whole com- 
pany or the sale of its Search 



business, according to his 
remarks in July 21's prepared 
statement. 

"I believe this is a good out- 
come and that we will have a 
strong working relationship 
going forward," noted Icahn. 
"Additionally, I am happy that 
the board has agreed in the set- 
tlement agreement that any 
meaningful transaction, includ- 
ing the strategy in dealing with 
that transaction, will be fully 
discussed with the entire board 
before any final decision is 
made," he said. 

Ultimately, it is impossible 
to predict what the outcome 
may be, said Directions on 
Microsoft lead analyst Matt 
Rosoff. He suggested that 
Icahn was unlikely to have 
accepted a seat on Yahoo's 
board without there being 
something to satisfy him — 
whether that be a transaction to 
unlock more value from his 
shares, or a newfound satisfac- 
tion in the validity of the com- 
pany's organic growth plans. I 
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Midori might replace Windows someday 



< continued from page 1 

the company plans to create 
Midoris "legacy-free bubble," 
both at the programming model 
and at the user level. The models 
differ in the degree to which 
Midori and Windows coexist, 
and virtualization could wind up 
in the mix. 

Microsoft's desire for legacy 
support has twin roots: It needs 
to establish a migration path 
that offers comfort to its cus- 
tomers, while avoiding the pit- 
fall of users implementing virtu- 
alization to run other operating 
systems that would perform 
tasks better than Windows can. 
Such a future runs the risk of 
relegating Windows to the role 
of a co-resident installation that 
executes legacy applications. 

Virtualization creates a moti- 
vation and need for Microsoft 
to do something to take back 
the initiative — and none too 
soon, said Jeffrey Hammond, a 
senior analyst with Forrester 
Research. "It may just be the 
developer crowd I run with 
these days ... but I see more 
Macs in developers' hands 
[today] than at any time in the 



last 18 years," he added. 

The documents describe the 
legacy-free objective as being a 
preemptive strike against non- 
Microsoft operating systems, 
enabling the company to com- 
pete head-on by enticing cus- 
tomers to replace Windows 
with Midori instead of a non- 
Microsoft OS. 

Midori is being designed as a 
componentized OS and can run 
directly on native hardware 
(x86, x64 and ARM), be hosted 
on the Windows Hyper-V 
hypervisor, or even be hosted by 
a Windows process. 

The documents propose 
three possible ways for Midori 
and Windows to work together. 
The first, but most complex, lets 
apps run on both Midori and 
Windows by following a program 
model that operates like 
Microsoft Research's Accelerator 
(tinyurl.com/6c7ykc) project. 
Applications in the Accelerator 
model execute some parts of 
applications under Windows 
threads while executing others 
on the GPU via a DirectX device 
driver. Windows wraps the 
GPU's hardware resources into 



that device driver. 

Under this scenario, Win- 
dows persists as the predominant 
Microsoft OS, and the Windows 
Executive, which manages 
exceptions, stacks, threads and 
other core constructs, would be 
support Midori as a subsystem. 

Microsoft would, create a 
Windows device driver to exe- 
cute Midori code under Win- 
dows, with dedicated hardware 
resources and rudimentary OS 
facilities such as Midori's sched- 
uler and threading model, which 
enables concurrency. 

The low initial investment of 
this driver-based approach to 
compatibility has its appeal, but 
the company believes that run- 
ning a full-featured operating 
system as a driver would be 
unwieldy, given the baggage of 
integrated debugging, its own 
IO system and its own user 
interface. Another drawback, 
noted O'Brien, is that this really 
doesn't fit with the line-in-the- 
sand mindset toward legacy 
code that Midori is supposed to 
represent. 

A second approach to 
Midori would fork the execu- 



tive responsibilities and require 
the development of an execu- 
tive for Midori that is based on 
and would run in parallel with 
the Windows Executive. This 
has the advantage of not having 
to create the Midori Executive 
from scratch, but maintains the 
conundrum of trying to run a 
legacy-free bubble inside of 
what remains legacy code. 

The Midori documents not- 
ed several other disadvantages 
to that approach, including the 
challenge of assigning resources 
to the two operating systems. 
O'Brien pointed out that such 
an approach would also require 
some sort of coordinating super- 
system, which might have to be 
written from scratch. 

The most radical suggestion 
involves writing the proposed 
Midori Executive itself from 
scratch, which would transform 
the bubble into a truly legacy- 
free platform. But again, noted 
O'Brien, Midori would have to 
have something along the lines 
of a hypervisor to allow it to run 
in harness with Windows, which 
brings its own complications. 

"The idea of using a hyper- 



Midori to 'sandbox' applications to harden security 
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BY DAVID W0RTHINGT0N 

Security is a watchword for Midori, the 
operating system that Microsoft is incubat- 
ing in hopes of freeing itself from its legacy 
Windows software architecture. 

SD Times has viewed internal 

Microsoft documents that detail 
Midori's security proposition. The 
highlights include memory safety 
and type safety, and a least-privi- 
leged mode. As well, hardware sup- 
port may enable a secure boot 
mechanism and a remote chain of 
trust on top of secure booting. 

Midori's memory safety and type safety 
features will eliminate the potential for 
buffer overruns, perform heap deletes more 
freguently to avoid stack and heap corrup- 
tion, and possibly offer some guarantees 
around fine-grained locking to prevent data 
race conditions, the documents indicate. 

Applications and system services in 
Midori will run with the least authority nec- 
essary for their purposes. A standard 
declarative policy will be used for configur- 
ing component isolation, elevating code 
privileges, evaluating code identity and 
managing system state. 

"From a software architecture stand- 
point," wrote Yankee Group program man- 
ager Andrew Jaguith in an e-mail, Midori's 
approach "is a very good one. The big idea 
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here is to enumerate, and then enshrine in 
policy, all of the things a program can and 
cannot do. By combining declarative secu- 
rity policies with runtime enforcement 
mechanisms, Midori should be able to 
effectively 'sandbox' applications in 
a fairly bulletproof way." 

Jaguith noted that what 
Microsoft is doing is a form of 
mandatory access control, a con- 
cept that intelligence agencies 
adopted many years ago. 
Microsoft is trying to keep up with 
the Joneses, Jaguith noted, pointing out 
that Apple's Mac OS X Leopard, Novell's 
AppArmor (which ships with Ubuntu) and 
SELinux (which ships with Red Hat Enter- 
prise Linux) all provide implementations of 
mandatory access control. 

Another Midori design objective is to 
reduce the risk of cross-process elevation 
attacks by using application manifests and 
eliminating dynamic code loading, in order 
to regulate what execution is possible in a 
process. 

With those protections in place, if a 
process is compromised, malicious code 
will be restricted to the appropriate 
process subsets. 

But in this model, policies need to be eas- 
ily updateable by trusted sources, wrote 
Jaguith. He explained that it is difficult for a 



developer to foresee all of the potential priv- 
ileges that a program would reguire, and that 
the application manifests would have to 
change as programs are added and updated. 

"It's a great idea in theory, but in prac- 
tice, application sandboxing (which is the 
generic term for what they are doing) has 
some practical problems that lead deploy- 
ers to scale back their ambitions." But his 
concerns are far outweighed by the benefit 
of having sandboxing built into the operat- 
ing system. 

There may be one flaw at the core of 
Midori's scheme: The presence of defects in 
Microsoft's implementation that enforce 
security policies at the kernel-runtime lev- 
el would undermine the effectiveness of 
Midori's security, Jaguith said. 

Good security is crucial to run the type 
of distributed applications that Microsoft is 
designing Midori for, experts agree. "Secu- 
rity is really important in distributed appli- 
cations ... you have to be very careful," not- 
ed John Manferdelli, a distinguished 
engineer at Microsoft and the general man- 
ager of the incubation team led by Craig 
Mundie, chief research and strategy officer. 

The Midori documents indicate that the 
OS will also have hardware support for 
secure boot mechanisms as specified in the 
company's Next-Generation Secure Comput- 
ing Base, formerly known as "Palladium." I 



visor to act as a kind of meta- 
OS coordinating the legacy 
Windows code base and the 
legacy-free bubble is elegant," 
commented O'Brien. He not- 
ed that certain critics might 
draw parallels between the 
challenges of implementing 
some of the aforementioned 
scenarios and Microsoft's 
repeated failures to deliver its 
often-promised Cairo and 
WinFS distributed object-ori- 
ented file systems. 

The Midori documents also 
address device driver compati- 
bility, suggesting that it would 
be possible to have Windows 
wrap legacy drivers as services, 
then use cross-OS communica- 
tion for device access while 
keeping a strict separation 
between those services and 
Midori's device drivers. 

Furthermore, one of the 
design goals for Midori is to iso- 
late device drivers from the OS. 
The company is undecided on at 
least two driver issues: whether 
device drivers should be written 
using managed techniques, and 
whether to build them with a 
language that lends itself — at 
least in part — to static analysis. 
In both cases, increased reliabil- 
ity is the objective. 

The Midori documents indi- 
cated that some internal contro- 
versy remains over the degree to 
which the company can ignore 
backward compatibility. They 
indicated that another of the 
Midori design principles is that 
the projected OS should be in no 
way watered down by a commit- 
ment to the Windows legacy. 

And it is possible that "legacy 
Windows" may persist in some 
form or another. The documents 
suggested that sharing source 
code for key subsystems between 
Midori and Windows might be 
preferred to their duplication, 
but that approach would have its 
own set of concerns about overall 
system reliability. 

Another suggestion found in 
the Midori documents involved 
porting over some Windows code 
to bootstrap the refresh effort, 
temporarily sacrificing some ben- 
efits to ease the migration. 

Midori is an astonishingly 
ambitious undertaking, said 
O'Brien. "Evolution towards an 
OS suitable for the 'manycore' 
era would be tough enough, but 
[the documents] are very aggres- 
sive, essentially saying Take it in 
one bite!'" I 
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mValent secures payment cards in SCM systems 



BY ROBERT MULLINS 

Recognizing that hackers are 
still pursuing credit card num- 
bers, MValent introduced its 
Payment Card Industry (PCI) 
Compliance Automation Mod- 
ule as a supplement to its mVa- 



lent Integrity configuration 
management software, which 
monitors ongoing configuration 
changes to an application. 

The module monitors com- 
pliance across a company's IT 
network with the specifications 



set by the PCI Security Stan- 
dards Council. It automates the 
task of maintaining that compli- 
ance, said James Hickey, chief 
marketing officer of mValent. 

Hackers can break into a 
system and change "permis- 



sions" that determine who has 
access to sensitive data, Hickey 
explained. The compliance 
module continually monitors 
the system to make sure the 
security standards the company 
sets remain in place and aren't 
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replaced by a hacker's. "It's 
about monitoring systems for 
changes in permissions or 
changes in access controls or 
password strength," he added. 

The PCI council, a global 
industry group, sets the Data 
Security Standard (DSS) as a 
benchmark for data security 
measures. DSS version 1.2 is 
scheduled for release in Octo- 
ber; version 1.1 has been in 
place since September 2006. 

The security standards were 
created in the wake of much- 
publicized breaches in which 
payment card databases were 
breached and financial records 
exposed. In 2007, retailer TJ 
Maxx disclosed that 45.7 mil- 
lion of its customer credit card 
numbers were stolen in 2005 
and 2006. 

"That's the most famous 
example, but examples abound," 
Hickey said. 

Although companies han- 
dling credit card transactions 
and storing such data are 
required to adhere to the DSS, 
the rules aren't specific as to how 
they should do it, Hickey added, 
because threats and defensive 
measures frequently change. 

The mandate is: "Secure the 
data," Hickey said. "Secure the 
cardholder data so it's not sub- 
ject to being stolen by anyone, 
by a hacker. I don't think it's any 
more specific than that. IT 
organizations don't have a clear 
road map for what it means to 
be in compliance. 

The mValent PCI compli- 
ance module is intended to 
make sure that security features 
continue to adhere to company 
standards across multiple IT 
systems, ensure that any soft- 
ware "backdoors" are closed 
and alert IT management to 
changes in access controls, per- 
missions or system services so 
as to avert a breach. 

The compliance module 
works like the configuration 
management software that 
mValent offers to monitor over- 
all application performance, 
Hickey noted. After a software 
application is deployed, minute 
changes can constantly affect 
the configuration, a process that 
must be carefully managed to 
make sure the application con- 
tinues to perform as it should. 

"[IT managers] are fond of 
saying, 'You provision software 
a couple times a year, but you 
change configuration data hour- 
by-hour,' " he said. I 
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SourceForge Enterprise 5.0 debuts with broader focus 



BY P.J. CONNOLLY 

CollabNet has updated the 
SourceForge development 
platform to help development 
teams incorporate preferred 
ALM processes into their work. 

SourceForge Enterprise 5.0, 
released July 30, includes new 
project page features that allow 
developers to model and docu- 
ment the different phases of 
their processes, such as nested 
pages and dynamic, portlet-like 
components. 

The new version also offers 
new project template func- 
tions that can capture and 
reuse the content and struc- 
ture from saved projects; the 
items that can be repurposed 
in this way range from discus- 
sion forums and project pages, 
down to custom tracker fields, 
saved searches and defined 
workflows. This, notes the 
company, allows development 
teams to jump-start new pro- 
jects while standardizing their 
life-cycle processes as well as 
their tooling. The aim is to 
improve efficiency and organi- 
zational flexibility, and to ease 
the integration of new team 
members. 

As well, the new release of 
SourceForge Enterprise 

includes a number of changes 
made to improve its usability. 
For starters, the UI has been 
overhauled, with a visual HTML 
editor that allows users to add 
rich content, or by editing the 
HTML source and other com- 
plex content, such as JavaScript 
to project pages. The reworked 
interface now has mouse-over 
menus and more shortcuts to 
recent artifacts and commands. 

A new global grouping fea- 
ture allows the creation of site- 
wide groups and the collective 
assignment of their users to 
project roles. This is especially 
useful in smaller shops that 
can't squander a lot of time 
managing and provisioning 
users, CollabNet noted. 

The update also allows for 
easier site branding, allowing 
customization by simply check- 
ing in new CSS, HTML, image, 
JavaScript or Apache Velocity 
template files as desired to pro- 
mote a corporate identity. This 
can take the form of custom 
logos or messages on working 
pages, personalizing welcome 
e-mails, or modifying the 
domain landing page. 

CollabNet believes that 



ALM isn't just for the largest 
businesses anymore, and in 
hopes of attracting shops with 
equal needs but smaller bud- 
gets, the company reduced the 
price of SourceForge Enter- 



prise to US$4,995 per year per 
server license, with basic sup- 
port for up to 25 users. 

As part of the SourceForge 
update, the company also 
announced new releases of the 



CollabNet Desktops for Eclipse 
and Microsoft Visual Studio. The 
add-ons for the development 
frameworks now offer develop- 
ers access to SourceForge 
Enterprise artifacts such as doc- 



uments, issues and Subversion 
repositories, while remaining 
within the friendly confines of 
their IDE. The Desktop editions 
are free and can be downloaded 
from CollabNet's Web site. I 



Karamasoft UI Suite 

for ASP.NET A J AX 



■1 






. _ 



Karamasoft offers, the 

ultimate components 

for ASP.NET AJAX 

developers to build 

remarkable websites 

in a matter of minutes. 



UI Suite® includes: 

• Rich-Text Editor 

• Search Engine 

• Spell Checker 

• Popup Calendar 

• Email Vaiidator 

• Menu, Panelbar 

• Tab strip, Sitemap 



J d J L Vj_ 

% w ■; J " 



ft K III A- 



jJlji;- v * ; 7 



Etf !('•■ wii nil "i* t** n !jl -* ■"—* !h * r.wiPAj # ih 1 1 



iDM ran: Lit "I >w 



.■-■ -. <■.=-■ :■ id 3t™n J ■ =irtwl ■fcdzh 

*i ] ■ W tf lTfoi OM'tfiHKh 
• ■ ■ . : :■- if -.."■■. ,■■■. 

h* ah.' mjV •■-.<■ llllln^r^r^M !■ - 'r I UPlnralr ■■r^n hi 
I WIBIBT ■ I' Hill III Till ■ ~ll II ■■ UEr 

ftUMn: jYttiii l- ■ . ■ ■■Hnurilcwili 

wait Thimt Qw-.it Ij>h# irr*»>| *■-.■-.?- >>-i*"il i'"-.- Mi]i| 
m'tov hn'rih:^ .- r " ilniHMi-vrjrrt iTwtt* met 



I.U. ii-i Liiiiii.I.u IfliHitlBbnll.. mtij. 



'"lfl||>...I^^H 






" i <* i r 



Seccted Gate: 



J Su Ho Tu We Th f r So 

r. 5 B 7 t * L* 

► : I 11 13 (fi^ 15 1* LT 

j>_ LB IB 2U 2L 22 22 =- 

* 25 26 27 2J 3* 3"J 



Pow/ttfotfui at karamasoft.com 



Karamasoft 7 









fl 




f 



rfr* 



i 



ica 



Building the right team and fostering a culture of continuous improvement and 
collaboration is the foundation for success. You also need the right tools and 
processes in place for your team to do their best work. That's where Microsoft 
Visual Studio Team System 2008 can help. 

Overcoming Application Development Challenges 

Whether you're part of an application development team, or a business stakeholder who de- 
pends on IT for business-critical applications, you know first-hand some of the many chal- 
lenges associated with application development. These challenges depend on the situation, 
but often include: 

• Managing shifting business requirements throughout the project 

• Communication gaps between project managers, developers and testers 

• Adequately testing applications for quality and reliability 

• Gaining visibility into project status to make trade-off decisions and to drive pre- 
dictable project delivery 

•Dealing with global development, regulatory and compliance challenges 

These are not simple challenges to overcome; many are interrelated and involve multiple 
team members and stakeholders. By systematically improving capabilities across your team, 
you can achieve dramatic improvements in your project success rates, better mitigate risks 
and increase your overall impact to the business. 

Visual Studio Team System can help your team overcome these challenges: 

• Communicate and Collaborate 

• Verifying Quality, Early and Often 

• Manage Team Workflow 

• Integrate Work Frequently 

• Use Familiar Tools 

• Make Real-Time Decisions 

• Drive Predictability 




Communicate and Collaborate 

Most software development teams use a number of stand-alone tools 
to manage the application life cycle. Specifications and requirements 
are stored on file shares or SharePoint sites; tasks assigned to devel- 
opers are managed using e-mail; bugs are tracked with spreadsheets; 
and source code resides in one or more version-control systems. With 
important information in so many different places, it's hard for team members to work to- 
gether effectively, resulting in additional effort and the potential for miscommunication. 
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Integrated Team Server 

Visual Studio Team System facilitates team-wide communication and collaboration by providing 
a unified repository for project data, along with the tools to define, enforce, and automate de- 
sired processes. At its heart is Visual Studio Team System 2008 Team Foundation Server, which 
supports version control, work item tracking, automated builds and quality checks, and more. 
Configurable process templates tie team activity together, with changes in status gathered auto- 
matically as part of everyday workflows. Automatic notifications keep team members informed 
of key events, such as a failed build. And with project information in one place and tied togeth- 
er, efforts are traceable back to initial requirements and stakeholders have real-time visibility 
into project status and quality. 

Support for Many Disciplines 

Team Foundation Server was designed to meet the needs of many members of the extended 
development team, not just software developers. Business analysts and architects can manage 
scenarios, requirements, and design documents; project managers and development leads can 
assign, track, and report on project status; database professionals can manage database 
schemas and deployment scripts; and testers can manage regression and load tests, determine 
test coverage, and keep a close eye on quality trends. The Visual Studio Team Explorer client 
provides team members with a single point of access to project artifacts and data, while a pre- 
built, customizable SharePoint portal extends the same information to remote team members 
and other project stakeholders. 

By bringing project artifacts, data, and status together in one place, Visual Studio Team System en- 
ables more effective team communication and collaboration. Defined and consistently enacted 
processes, full traceability, and built-in status reporting help maximize individual productivity, at the 
same time helping to ensure that the efforts of each team member remain well defined and aligned 
with the team's overall priorities. 



Verifying Quality, Early and Often 

Verifying quality is often neglected during most phases of the development 
process. Instead, it is measured near the end of the process, when code is 
handed off to be tested. This approach often results in extra work and a slip- 
ping schedule as features thought to be complete are pushed back to develop- 
ers for rework. Even if code passes initial QA tests, performance and scalability issues can re- 
main undetected until software is deployed into production. 

A Quality-Centric Tool Set 

Microsoft Visual Studio Team System provides tools for verifying quality throughout the ap- 
plication life cycle, helping teams to deliver higher-quality software faster and with less re- 
work. From tracking requirements during planning to performance and load testing of the 
completed application, Visual Studio Team System provides the tools needed to improve 
many aspects of software quality. 

Focus on Quality throughout the Application Life Cycle 

The focus on quality begins during the planning phase, before the first line of code is writ- 
ten, when work item tracking helps thoroughly map scenarios to requirements. As architects 
design a solution that meets those requirements, tools such as the Application Designer, Dis- 
tributed System Designer, and Deployment Designer help ensure that the solution will deliv- 
er the necessary performance, scalability, and manageability. 

During development, before code is checked in, static code-analysis tools help identify cod- 
ing errors and potential security issues earlier, while performance profiling and hot-path 
analysis help avoid potential performance and scalability problems. Developers can easily 
create unit tests to validate application and database objects, using code coverage analysis 
tools to determine the completeness of those tests. Tools for examining code metrics can 
help gauge the complexity and maintainability of code. 

QA engineers can begin writing test cases and load tests earlier, mapping them to work 
items and managing test activity with Visual Studio Team System. As requirements change, 
full traceability between work items helps them ensure that test coverage remains complete. 
Prior to production deployment, comprehensive load-testing tools help QA engineers vali- 
date the application's performance and scalability as a whole. 

Visual Studio Team System enables development teams to improve quality throughout the develop- 
ment life cycle, not just near the end. Such an approach helps minimize the rework- and-retest 
"churn" that typically occurs near the end of each development iteration, during which tradeoffs on 
quality versus schedules must often be made — in turn helping to increase software quality, reduce 
time-to-market, and decrease overall development costs. 

Manage Team Workflow \ 

Development teams deal with many different types of project artifacts, such > 
as scenarios, use cases, requirements, developer tasks, change requests, test 
passes, and bugs. However, most teams lack a good way to manage those 
project artifacts, define the relationships between them, and trace those rela- 
tionships and the effects of status changes throughout the application life cycle. Team Founda- 
tion Server manages these project artifacts as work items so teams can better gauge progress to- 
ward goals and ensure that resources are not being wasted on unnecessary work. 

Detailed Work Plans 

Work item tracking in Microsoft Visual Studio Team System provides an efficient way to 
manage and monitor the status of project-related activity. Team projects have detailed work 
plans, with initial work items generated automatically based on process templates. Each 
work item typically has a title; a description; a team member to whom the work is assigned; 
and a current state, such as proposed, active, resolved, or closed. Work items can also have 
links to other work items, attachments, and custom fields. 

Work Item Visibility and Traceability 

With relationships between work items clearly defined and changes in the status of work 
items collected automatically, a team's progress-to-goals remains visible, even as work is 
handed off among team members. For example, a business analyst may break down scenar- 
ios into requirements, which a development lead divides into tasks for developers. As devel- 
opers finish the tasks, source code-control policies require them to associate their checked- 
in code with work items. Because those change sets are associated with each build, as a new 
build passes QA tests, stakeholders can see that, for example, 60 percent of the work re- 
quired to meet all project requirements is now complete. 

Work item tracking provides an efficient way to manage the efforts of team members, with full trace- 
ability back to initial project goals and real-time visibility into team progress. Team members will know 
how their assigned tasks are related to project goals as a whole, and project managers and leads can en- 
sure that no unnecessary work is assigned. And because all changes to work items are logged and fully 
auditable, those same capabilities can help address complex compliance and regulatory requirements. 






with Microsoft Visual Studio Team System 2008 



Integrate Work Frequently 

Another quality-related area where most teams see room for improvement is 
source code management and version control. One common issue is the in- 
tegration of individual developer efforts into the official code base, which 
can result in the all-too-frequent "broken build" — and force QA resources to 
sit idle until the issues have been resolved and a new build is ready to test. 
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Comprehensive Version Control 

Microsoft Visual Studio Team System helps solve these pains by providing a comprehensive, 
flexible, version-control system. This functionality is not a mere upgrade to Microsoft Visual 
SourceSafe version-control system; rather, the version-control capabilities of Visual Studio 
Team System Team Foundation Server were designed from the ground up to deliver the 
same scalability, performance, and reliability of its underlying data store, which is based on 
Microsoft SQL Server 2005 database software. Built-in tools aid in the migration of source 
code and change history from Visual SourceSafe. 

Some key version-control features in Visual Studio Team System Team Foundation Server in- 
clude atomic check-ins, which help maintain the integrity of source-code files, and policies 
that require developers to perform unit tests or static code analysis prior to checking in code 
and to associate all checked-in code with work items. Support for "shelving" code enables 
developers to store work in process on the server without checking it in, and a new "get lat- 
est on edit" feature checks for new code on the server when a developer starts to edit a local 
copy — -just in case someone else has made changes since the code was checked out. 

Powerful Build Server 

Version control in Visual Studio Team System is complemented by its Team Build features, 
including support for continuous integration builds every time someone checks in code. 
Unit tests and build verification tests can be run as part of the process, and if the build or 
tests fail, designated stakeholders are automatically notified. Flexible build definitions also 
help reduce the time spent managing scripts for "official" builds, providing the ability to eas- 
ily automate compilation, unit tests, static code analysis, virtual server configuration, Web 
site or Web services configuration, application installation, database deployment, test-data 
generation, and load tests. 

The version control and Team Build features in Visual Studio Team System help teams ensure quali- 
ty by enabling them to easily and frequently integrate the work of individual team members — and 
validate that the combined efforts work as expected. 



Use Familiar Tools 

Many development teams want an integrated solution for application life 
cycle management but also want to avoid the lost productivity associated 
with having to learn new tools. 






Make Use of Existing Tools and Skill Sets 

Microsoft Visual Studio Team System facilitates adoption by enabling team members to use tools 
that are already familiar to them. Project managers can design an itemized list of work items, as- 
sign those work items to developers, and track their completion using Microsoft Office Project 
Professional, or they can use Microsoft Office Excel spreadsheet software to make global changes 
and quickly reassess priorities. Architects, software developers, development leads, database 
professionals, and testers can continue to use the Visual Studio integrated development environ- 
ment, including Visual Studio 2008 Professional Edition or any of the Visual Studio Team Sys- 
tem Editions. Remote team members and business stakeholders can use Visual Studio Team Sys- 
tem Web Access to take advantage of many Visual Studio Team System features. 

Visual Studio Team System helps reduce "soft" adoption costs by integrating with the desktop appli- 
cations that people already know and use. Instead of having to learn new tools, team members can 
continue to use the tools that help them be the most productive. 

Make Real-time Decisions 

Regardless of the maturity of their processes, many development teams lack full visibility 
into the application life cycle — and thus they are unable to easily answer questions such as, 
"Does the application meet all requirements?" and, "Are we on schedule?" 

Business Intelligence for Development Teams 

Powered by an integrated Microsoft SQL Server 2005-based data warehouse, the business 
intelligence features in Microsoft Visual Studio Team System provide the information needed 
to make informed, real-time decisions with just a click on a link. And because SQL Server 
Reporting Services is the engine underlying Visual Studio Team System business intelligence, 
teams can just as easily customize existing reports as they can create new ones. 

One highly useful out-of-the-box report is Remaining Work, which provides a comprehen- 
sive view of all remaining work items, enabling development leads and project managers to 
easily see progress, identify bottlenecks, and, if necessary, reallocate resources. Another use- 
ful prebuilt report is Quality Indicators, which provides a combined view of unit test success 
rates, code coverage by unit tests, code churn, and active bugs — all tracked over time. 




Visual Studio Team System provides the information needed to make informed, real-time decisions 
on iteration planning, test coverage, bug trends, project schedules, resource allocation, and more — in 
turn helping development teams to deliver on time and on budget, and to ensure that projects meet 
all identified requirements. Project managers and development leads can be ready for team meetings 
in minutes instead of hours, saving everyone the effort of having to manually communicate status, 
and can answer questions posed by external stakeholders and upper management on the fly. 

Drive Predictability 

Most development teams recognize the value of consistent processes. Howev- 
er, they may not have such processes, know what they need, or know how to 
get started. Teams that have established processes may find that the processes 
are not consistently followed, or that adherence requires significant manual 
effort. Few teams have matured to the point that they can consistently and 
effortlessly follow established processes and, even if they have, must still deal 
with issues such as reorganization, new regulatory or compliance requirements, and bringing 
new team members up to speed. 

Defined and Consistently Followed Processes 

Visual Studio Team System includes integrated process templates to help teams deliver pre- 
dictable results, continuously improve and adapt, and more effectively collaborate and commu- 
nicate. The process templates are fully integrated with other Visual Studio Team System features, 
such as work item tracking and source code control, providing both the ability to define desired 
processes and the means for team members to productively work within those processes. 

Visual Studio Team System includes two out-of-the-box process templates: Microsoft Solu- 
tions Framework for Agile Software Development and Microsoft Solutions Framework for 
CMMI (Capability Maturity Model Integration) Process Improvement. Each provides a set of 
predefined work items, HTML-based process guidance, a SharePoint portal, and a set of pre- 
defined reports. Templates for additional methodologies such as Scrum are available in the 
Visual Studio Team System Developer Center on MSDN, the Microsoft Developer Network. 

Configurable and Adaptable Templates 

Although prebuilt process templates can provide a strong head start, they're not hard-coded. 
Teams can tailor them to support their own processes or can define new templates from 
scratch. Either way, the Process Template Editor makes it easy to create new types of work 
items, specify content for a work item type, define which work items are automatically gen- 
erated for a new project, and define the relationships between work item types. Teams also 
can customize process guidance, SharePoint portal layout, and reports. 

Visual Studio Team System can help development teams define, adopt, and enforce consistent 
processes. In turn, that improved predictability can help increase project velocity, accelerate develop- 
ment cycles, and facilitate more accurate estimation of those cycles, thereby helping teams to deliver 
results better, faster, and more consistently. 

Visual Studio and the Microsoft Application Platform 

The Microsoft Application Platform is a portfolio of technology capabilities, core products, 
and best practice guidance focused on helping IT and development departments' partner 
with the business to maximize opportunity. 

As one of the core products of the Microsoft Application Platform, Visual Studio can help 
you drive the right business efficiencies, customer connections, and value-added services by 
providing a single, fully integrated development environment for most types of develop- 
ment, including Microsoft Windows, Microsoft Office, Web, and mobile applications. Use 
Visual Studio development solutions to give your development team powerful ways to: 

• Increase productivity and quality through integrated and familiar tools. 

• Deploy, secure, and support your critical Web applications and infrastructure. 

• Reduce costs through better visibility of your development process. 

• Provide better predictability and planning through integrated process and 
methodology support. 



Ready to Share 

the Vision ^ 

If you are ready to Share the Vision 
of Visual Studio Team System 2008 
contact your local Microsoft representative 
or Microsoft Partner and learn more at 
http://www.microsoft.com/teamsystem 



© 2008 Microsoft Corporation. All rights reserved.This document is for informational purposes only. 

MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The information contained in this 

document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. 
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Microsoft splits up key group 



, COMPANIES , 



The Open Web Foundation, a nonprofit organization aiming to build a 
lightweight framework around communi- 
H OPENWEI ty-driven specifications, started opera- 
tions in late July. The Open Web Founda- 
tion's goal is to bring legal clarity and consistency to Web standards 
efforts currently under way. 



, NEW PRODUCTS , 



Security provider Uniloc released SoftAnchor Insight, a product 
usage and license reporting and analysis tool. As part of the SoftAn- 
chor license management platform, Insight provides aggregate met- 
rics about software activation and usage, according to the company. 
Uniloc claims the product provides the industry's first reporting of real 
piracy and casual copying activity, along with license reporting includ- 
ing activation, compliance and subscriptions . . . Sun Microsystems 
released the Sun Web Stack, an AMP (Apache-MySQL-Perl or PHP) 
stack for Linux and Solaris operating systems. The stack consists of 
Web and proxy servers, scripting languages and a database that 
enables developers to deploy Web applications easily, Sun executives 
said. The company also said it is open-sourcing components of the 
Java System Web Server 7.0 and Sun Java System Web Proxy tech- 
nologies in the OpenSolaris community . 



_L 



PEOPLE 



Anthony DiDaniele has been named senior vice president of software 
engineering for Xterprise, a supplier of RFID (radio frequency identifi- 
cation-enabled applications. Prior to joining Xterprise, DiDaniele was 
vice president of engineering at NovusEdge and director of software 
engineering at T-Mobile Hotspot. continued on page 18 ► 



BY DAVID WORTHINGTON 

Microsoft is making a summer- 
time overhaul of its platform and 
services unit, splitting it into two 
groups that will report directly 
to CEO Steve Ballmer, after the 
division head jumped ship. 

In late July, the company 
announced that instead of find- 
ing a replacement for Microsoft 
veteran and Platforms and Ser- 
vices Division president Kevin 
Johnson, effective immediately, 
the PSD will be split into two 
groups: Windows/Windows 
Live and Online Services. 

The groups' respective 
heads, senior vice presidents 
Jon DeVaan, Steven Sinofsky 
and Bill Veghte of the Windows 
group, and senior vice presi- 
dent Satya Nadella of the com- 
pany's online services business, 
will report directly to Ballmer. 

Senior vice president Brian 
Mc Andrews will continue to 
run Microsoft's Advertiser and 
Publisher Solutions Group. 

Johnson will leave the com- 
pany after the failure of its bid 
for Yahoo, which he reportedly 
championed. In September, he 
will take over as CEO of 



Juniper Networks and be 
named to that company's board 
of directors, according to an 
announcement from Juniper. 

Johnson is the latest in a suc- 
cession of longtime Microsoft 
executives to move on. At the 
start of July, chairman and 
founder Bill Gates gave up his 
day-to-day responsibilities, and 
in January, three executives, 
including Jeff Raikes, president 
of Microsoft's Business Division, 
announced their departures. 



(sdtimes.com/story/31474) 

The reorganization is also 
expected to bring new blood 
into Microsoft, as the company 
will search to fill a newly creat- 
ed senior lead position for its 
online services group. 

"It's not a bad thing to shake 
things up. You have got to get 
new blood in," said Laura DiDio, 
a research fellow with Yankee 
Group. In her opinion, Microsoft 
needs a "swift kick" to jumpstart 
momentum in online services. I 



SOFTWARE FX PREPS WPF PARTS 



BY DAVID WORTHINGTON 

Component maker Software 
FX will release a bevy of new 
products before the end of the 
year, targeting Java, SharePoint 
and Windows Presentation 
Foundation (WPF). 

Software FX has released 
Chart FX 7 for Java, a suite of 
charting controls. The upgrade 
adds a new rendering engine 
that uses AJAX to produce 
dymanic charts that can be 
updated without a refresh while 
preserving user preferences. 



The company will soon 
release a suite of native Web 
Part controls for SharePoint 
Server. The Chart FX for 
SharePoint suite will provide 
data visualization components, 
including charts, grids, gauges 
and maps, as well as business 
intelligence, financial and sta- 
tistical components. 

Also by year's end, the com- 
pany will finish Chart FX for 
WPF, a component suite that 
the company has developed 
over the past two years. I 
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Alfresco readies open-source ECM system for SharePoint 



BY ROBERT MULLINS 

Alfresco Software issued a late- 
July beta release of its Share- 
Point-compatible open-source 
enterprise content management 
software in what the company 
called the first such release 



under a European Commission 
order requiring Microsoft to 
share protocol documentation 
for its collaboration software. 

The release of the Alfresco 
Labs 3 enterprise content man- 
agement system makes it possi- 



ble for end users of Microsoft 
Office SharePoint Server to use 
an open-source collaboration 
platform along with open- 
source databases, application 
servers and other related soft- 
ware, said John Newton, CTO 



of Alfresco. 

"Inside of Office, there are 
built-in hooks to SharePoint 
that were closed," Newton 
explained. "What we're able to 
do is to unlock those hooks into 
Office . . . [with Alfresco] hook- 
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mg into Office as though we're 
SharePoint." 

Microsoft was ordered by 
the European Commission in 
2004 to release protocol docu- 
mentation for SharePoint and 
other Microsoft products, after 
a finding that the company was 
engaging in anti-competitive 
practices. Microsoft appealed 
the ruling, but the appeal was 
dismissed in September 2007. 
Microsoft began sharing docu- 
mentation this past spring, 
allowing companies such as 
Alfresco to develop their own 
open-source alternatives to 
SharePoint. 

Alfresco worked with the 
Protocol Freedom Information 
Foundation, which signed an 
agreement with Microsoft to be 
the conduit to share the proto- 
col documentation with open- 
source vendors, to make Alfres- 
co s software interoperable with 
Microsoft's, Newton said. 

The content management 
market has grown to close to 
US$4 billion, Newton said, cit- 
ing research industry estimates. 

The beta release of Alfresco 
Labs 3 should be followed by a 
community release in Septem- 
ber, and later by a commercial 
enterprise version with addi- 
tional features and subscrip- 
tion-based support. I 

4D SHIPS SECOND 
WEB 2.0 PACK 

BY P.J. CONNOLLY 

AJAX and Adobe Flex don't 
always get mentioned in the 
same sentence, but 4D sees 
rich Internet applications as the 
way to bring applications to a 
wider range of devices than 
ever before. 

The company unveiled last 
month the second release of 4D 
Web 2.0 Pack vll, a combina- 
tion of the company's new 4D 
for Flex and an update to its 
AJAX framework that is aimed 
at developers writing for desk- 
top, mobile and Web systems. 

The framework's update to 
version 11.2 adds the ability to 
enter and edit data through the 
touch-screens on Apple's 
iPhone and iPod Touch, as well 
as offline data entry via HTML 
5. Adobe AIR is also newly sup- 
ported, as is the Firefox 3 Web 
browser. Meanwhile, 4D for 
Flex provides what the compa- 
ny calls the first direct Flex-to- 
SQL connectivity. I 
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Open-source enterprise content 
management provider Alfresco Software has released what it calls an 
open-source alternative to Microsoft SharePoint, Alfresco Labs 3. 
Using Alfresco Labs 3, organizations can leverage Java, Linux and 
.NET to reduce SharePoint cost of ownership, the company claimed 
. . . Sybase's iAnywhere mobile and embedded database unit has 
enabled interoperability with the iPhone 3G to bring in wireless e-mail 
from Lotus Notes and Microsoft Exchange. iAnywhere Mobile Office 
also provides security for e-mail, according to the company . . . Quest 
Software now offers its JProbe Java profiler as a plug-in to the Eclipse 
IDE, as part of the release of JProbe 8.0. Launching JProbe in an 
Eclipse environment enables users to adopt continuous performance 
testing best practices. Quest Software said it plans to add perfor- 
mance analysis capabilities to its Eclipse plug-in to allow users to 
investigate issues without having to leave the Eclipse environment 
. . . On-demand testing company Keynote Systems has added new per- 
formance analysis features to KITE 2.0 (Keynote Internet Testing 
Environment). KITE is a Web performance testing product that lets 
users test from their desktop or across Keynote's on-demand global 
networks. The new version can analyze AJAX, Flash and JavaScript 
with Internet Explorer integration, and record Web application test 
scripts . . . Ranorex has released a new version of its testing applica- 
tion, Ranorex 1.5. New in the release is Ranorex Studio, a test devel- 
opment environment that allows users to create test automation pro- 
jects through a single interface, according to the company . . . WebUI 
Studio.NET 2008 R1 SP2, from Intersoft Solutions, has new scenar- 
ios and new samples in WebCombo.NET 4.0, WebDesktop.NET 2.5 and 
other Intersoft products. The WebNotification position is now auto- 
matically updated when the browser is resized, and a new sample in 
WebDesktop.NET 2.5 shows how a custom-made editing form can 
replace built-in data editing behavior. 



Getting inside the JavaFX SDK 



< continued from page 1 

calls Project Nile, which allows 
a developer to take graphical 
assets that have been created in 
tools like Photoshop or Illustra- 
tor, and incorporate them into 
the JavaFX code. 

Developers, said Lehrbaum, 
"can incorporate those assets, 
manipulate them, do all sorts of 
animation and transformations, 
and [do so] as the graphic 
designers continue to iterate 
those designs. There are no 
changes needed to the code 
itself," unlike an embedded 
image file. 

Another idea behind JavaFX 
is to enable developers to use 
common APIs from the SDK to 
build RIAs that will operate in a 
Web browser, a desktop, a TV 
or a mobile device, without 
requiring additional coding for 
each instance. Sun began pro- 
moting the marketing catch 
phrase "Across all the screens 
of your life" when it detailed 
JavaFX plans at its JavaOne 
2008 conference in May. 

"If you're writing to the com- 
mon API set, your content can 
be run across any of the devices," 



I ■ L 





A preview release of Sun's JavaFX SDK includes a plug-in to the NetBeans IDE. 



that run Java, Lehrbaum noted. 

The SDK also includes the 
Java SE Runtime Environment 
6 (JRE) Update 10 Beta, added 
Param Singh, senior director of 
Java marketing for Sun. 

Operating a JavaFX applica- 
tion in JRE allows developers to 
do some interesting things, 
Singh explained. 

"We can allow Web scripters 
and designers to create applica- 
tions that can be in the browser, 
much like any RIA application, 
but then we can also take the 
same applications and literally 



drag and drop it out, break free 
of the browser and run it on the 
desktop," he said. 

Although JavaFX applications 
are intended to run on multiple 
platforms, the JavaFX 1.0 slated 
for release this fall is only for 
developing desktop RIAs, A ver- 
sion for mobile and other plat- 
forms is due in spring 2009. 

"There is still a lot that Sun 
has to engineer in the underly- 
ing JavaFX runtimes, so that 
they can behave consistently 
across all of the very different 
platforms," he noted. I 
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IBM bid for Hog a smart move 
into BRM and BPM, analysts say 



< continued from page 1 

announcement said. The goal is to pro- 
vide customers a broader set of rules 
management tools for application life- 
cycle management, as with IBM's Web- 
Sphere application development and 
management platform. 

"Hog's software allows businesses to 
more effectively manage and automate 
the decision-making process, giving 
companies an opportunity to react with 
incredible speed and accuracy," said 
Tom Rosamilia, general manager of 
IBM WebSphere, in a statement. 

Fair Isaac and Hog each held a 17.6% 
share of the market for BRM software in 
2005, the last time Gartner surveyed the 
space, said David McCoy, managing vice 
president in the business IT division of 
Gartner. 

Other vendor shares at the time were 
in the single digits. But BRM is just a 
small part of Fair Isaac's business, McCoy 
said, making Hog more clearly a leader in 
the space and thus attractive to IBM. 

"Hog represents a plum," McCoy not- 
ed. "IBM read the tea leaves and decid- 
ed, Tf we are going to get into this space, 
we can go in and buy just about anybody 
out, or we could buy one of the best on 
the planet.' " 

BRM software automates the process 
of changing rule as business conditions 
dictate, explained Jean Francois Abramat- 
ic, chief product officer for Hog. 

Take, for example, the process that a 
mortgage lender uses to grant loans. 
Approval of the loan and the interest rate 
will be based on the borrower's credit 
score, the prime interest rate, the price of 
the home and the lender's other under- 
writing criteria. With business rules man- 
agement software, Abramatic explained, 
the rules for approving mortgages in the 
U.S. can be changed if market conditions, 
such as foreclosure rates in surrounding 
communities, change. 

"Business rules applications allow you 
to incorporate those changes without 
rewriting the application, without asking a 
Java developer to rewrite code," Abramat- 
ic said. "The application will behave dif- 



ferently because you have modified the 
rules, giving you agility without having to 
go back to the programming." 

Demand for BRM is also growing in 
relation to deployment of complex 
event processing, SOA and other IT hot 
buttons, but to Gartner's McCoy, IBM's 
own BRM solution was "rudimentary." 
But to its credit, he added, the compa- 
ny reacted well to a situation where 
"everywhere IBM was turning, it was 
bumping into a need for good quality 
rules functionality." 

IBM has partnered with Hog for 
about a decade, but the partnership lim- 
ited IBM's control over Hog, said John 
Rymer, a vice president at Forrester. 

There has already been consolidation 
among BRM vendors, such as the Octo- 
ber 2007 acquisition of Yasu Technolo- 
gies by SAR Other smaller deals last 
year included the RuleBurst purchase of 
Haley Systems and the Trilogy/Versata 
acquisition of Gensym. 

"I think Oracle's going to be the next 
one, and following their usual pattern, 
they will buy, not build," Rymer predict- 
ed, describing the present Oracle Busi- 
ness Rules as also rudimentary when 
compared to Hog's technology. 

Microsoft is more likely to follow the 
partnership route than make an acquisi- 
tion, Rymer believes. 

The Hog board has voted preliminary 
approval for the IBM acquisition and is 
expected to grant final approval before 
Sept. 15, after which the offer will be 
filed with the French stock exchange 
authority. The deal must be cleared with 
anti-trust regulators. 

Once the deal is complete, the com- 
bination of IBM and Hog will put BRM 
on the map, said Forrester's Rymer, who 
compared it to IBM's acquisition of 
Lotus in 1995. 

"Within about three years, IBM 
about tripled Lotus' business," Rymer 
recalled, anticipating similar results 
with Hog. "IBM has got more people 
on the street, more services, and 
because they're IBM, there's a seal of 
approval on it." I 



1L0G IS THE BIG FISH HERE' 



The proposed US$338 million acquisition by IBM of business rules manage- 
ment (BRM) software company Hog is another sign of the consolidation of a 
nascent market for software that automates the process of making deci- 
sions for companies. Although Gartner analyst David McCoy said that "Hog 
is the big fish here/' other BRM players have been reeled in through other 
acquisitions just in the last year: 

• SAP acquired Yasu Technologies in October 2007 for an undisclosed amount. 

• RuleBurst acquired Haley Systems in November 2007 for an undisclosed amount. 

• Trilogy acquired Gensym for $2.35 for each share of Gensym stock in August 2007. 

Source: SD Times Reporting 
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Is Midori the future of Microsoft's Windows 



< continued from page 1 

posite of local and remote com- 
ponents and services. To that 
end, Midori will focus on con- 
currency, both for distributed 
applications and local ones. 



According to the documenta- 
tion, Midori will be built with an 
asynchronous-only architecture 
that is built for task concurrency 
and parallel use of local and dis- 
tributed resources, with a dis- 



tributed component-based and 
data-driven application model, 
and dynamic management of 
power and other resources. 

Midoris design treats con- 
currency as a core principle, 



beyond what even the Microsoft 
Robotics Group is trying to 
accomplish, said Tandy Trower, 
general manager of the 
Microsoft Robotics Group. 
The Midori documents fore- 
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see applications running across 
a multitude of topologies, rang- 
ing from client-server and mul- 
ti-tier deployments to peer-to- 
peer at the edge, and in the 
cloud data center. Those 
topologies form a heteroge- 
neous mesh where capabilities 
can exist at separate places. 

In order to efficiently dis- 
tribute applications across 
nodes, Midori will introduce a 
higher-level application model 
that abstracts the details of 
physical machines and proces- 
sors. The model will be consis- 
tent for both the distributed and 
local concurrency layers, and it 
is internally known as Asynchro- 
nous Promise Architecture. 

PROGRAMMING WITH MIDORI 

Midori will have provisions for 
distributed concurrency — or 
cloud computing — where appli- 
cation components exist in data 
centers. Doing so will require 
work in three areas: execution 
techniques, a platform stack and 
a programming model that can 
tolerate cancellation, intermit- 
tent connectivity and latency. 

In that scenario, operating 
system services, such as storage, 
would either be provided to the 
applications by the OS or be 
discovered across a trusted dis- 
tributed environment. 

Likewise for local concurren- 
cy, Midori will have a program- 
ming model, a platform stack 
and execution techniques that 
are intended to help developers 
write applications that can safely 
and efficiently use a greater 
number of hardware threads 
than is currently feasible. Ele- 
ments in local parallelism inter- 
act through shared memory, 
which is the huge difference 
with distributed applications, 
said Microsoft distinguished 
engineer John Manferdelli, in a 
separate interview. 

"Mere mortal developers 
need a programming model 
/application model that lets 
them distribute processing to 
massively parallel devices with- 
out having to become experts," 
explained Forrester senior 
analyst Jeffrey Hammond in an 
e-mail. "Even with the quad- 
core Intel chips today, you 
have to have specialist teams to 
take full advantage of them." 

These design goals affect 
aspects of the system that 
include its application model, 
scheduling and storage. Indeed, 
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operating system? 
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big changes are in store for 
Microsoft developers. The pro- 
gramming model will tackle 
state management, which 
Microsoft admits in its docu- 
mentation is a challenge in 
Windows, by migrating APIs, 
applications and developers to a 
constrained model. 

Other objectives are elimi- 
nating dynamic loading and in- 
process extensions; developing 
a failure model based on reli- 
able transactions, so the system 
understands exactly which 
processes are impacted by a 
cascading failure and how to 
restart the computation; and 
having a standard way of deal- 
ing with latency, asynchronous 
behavior and cancellation, 
throughout the stack. 

Forrester's Hammond said 
that doing away with dynamic 
loading and in-process exten- 
sions was worrisome. "I'm 
going to assume that eliminat- 
ing dynamic loading doesn't 
prevent dynamic language exe- 
cution," in virtualized inter- 
preters. Microsoft, he added, 
must "be clear that restricting 
dynamism at the OS level will 
not impact dynamism at the 
programming level." 

The Midori programming 
model will be particularly use- 
ful for SOAs, by allowing for 
the decomposition of applica- 
tions into services that can be 
partitioned across tiers. 

Hammond said that putting 
SOA into the runtime makes 
sense, as that would remove a 
certain amount of middleware 
complexity. "Why shouldn't the 
average developer begin to think 
in terms of lightweight, asyn- 
chronous services?" he asked. 
"After all, that's the migration 
path we're seeing on the Web." 

In a possible link to 
Microsoft's Oslo composite appli- 
cation initiative, the program- 
ming model will have a depen- 
dence on metadata, with the aim 
of allowing the system to more 
reliably manage applications. 

"This allows existing develop- 
ment tools to be easily repur- 
posed while a lot of the complex- 
ity is hidden from the developer 
that is using it. We essentially see 
declarative programming replac- 
ing imperative programming at 
the OS level," said Hammond. 
He noted that by having Oslo in 
place first, Microsoft would have 
an easier time when it begins the 
migration from today's Windows 



applications to Midori or hybrid 
applications. 

"I wonder if [Microsoft] 
concluded this sort of 10-year 
sea change was needed before 
kicking Oslo into high gear?" 



asked Hammond. 

The Midori documents indi- 
cate that the proposed OS 
would have a non-blocking 
object-oriented framework 
API. This would have strong 
notions of immutability — in the 
sense of objects that cannot be 
modified once created — and 
strive to foster application cor- 



rectness through deep verifia- 
bility by using .NET program- 
ming languages. 

At the presentation layer, 
Microsoft is making a clean 
break from the existing Windows 
GUI model, where applications 
must update their display on one 
and only one thread at a time, 
and the associated problems that 



affect OS stability and make it 
more difficult to write multi- 
threaded applications. 

The Midori documents 
indicate that the company has 
not decided what user inter- 
face abstractions are appropri- 
ate when applications cut 
across boundaries, or how to 
combine the best qualities of 



Intellectuals solve problems. 
Geniuses prevent them. 



— Albert Einstein 
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Seapine reloads config and test tracking tools 



BY P.J. CONNOLLY 

Although few developers can 
resist a challenge, that really 
shouldn't be the case when 
speaking of one's tools. Recog- 
nizing this, Seapine Software 
has reloaded its offerings in the 



areas of software configuration 
management (SCM), defect 
tracking, and test automation 
and planning, with ease of use 
as one of its objectives. 

The company's Surround 
SCM now works in an integrat- 



ed fashion with Eclipse 3.3, Jet- 
Brains' IntelliJ IDEA 6.0 and 
7.0, and Sun Microsystems' 
NetBeans. Meanwhile, the 
integration with Visual Studio 
in Surround SCM version 
2008.1 adds the ability to create 



labels, merge files and set the 
file workflow state from within 
the shortcut menu. The update 
also includes a new view of Sur- 
round SCM's branch list, with a 
hierarchical branch combo box 
that's available from the Source 
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LEADT00LS 
Raster Imaging Pro 

by LEAD Technologies 

Load, save and convert 1 50+ image formats 
including TIFF, EXIF and PDF, supporting many 
compressions. Acquire images from TWAIN or 
32/64bit WIA devices. Apply transforms, color 
space conversions and 200+ region aware 
image processing routines. Also includes high 
level display controls, thumbnail browser, pan 
window and imaging common dialogs. 
•. NET, API, C++ Class Libraries &WPF 
•AJAX and ASP.Net Web Form Controls 

• COM Interop wrapper for .NET 

• Royalty Free 

programmers.com/lead 

DevTrack Small Team Edition 

Powerful Defect and Project Tracking 
by TechExcel 

TechExcel DevTrack is the most powerful, 
affordable and easy-to-use defect and project 
tracking tool for development organizations. 
You'll dramatically transform your development 
processes, save significant time and resources, 
and deliver quality products on-time and 
on-budget. 

• Sophisticated workflow engine 

• Point-and-click administration 

• Fully configurable user interface 
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by /n software 

The latest evolution of the most comprehensive j 
suite of Internet communications components j 
for professional developers is here! 
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Internet protocol including - FTP, HTTP, SMTP, j 

POP, IMAP, LDAP, DNS, RSS, SMS, Jabber, j 

SOAP, WebDav, REST, ATOM, RAS, XML, and j 
many more! 
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StorageCraft ShadowProtect 
IT Edition v3.x 

by StorageCraft 

Create, edit or restore backup images on as j 
many servers, desktops and laptops as needed, j 
Create online or cold state backups in minutes, j 
no software installation required. StorageCraft™ j 
ShadowProtect IT Edition provides complete 
bare metal recovery in minutes. ShadowProtect • 
IT Edition provides IT Professionals with a j 
bootable Windows environment to create and j 
restore compressed and encrypted backups, 
no software installation required. 
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| file format support 
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"Bottom line: dtSearch manages a terabyte oi 
text in a single index and returns results in 
less than a second. " — InfoWoi 
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Altova® MapForce® 2008 

Visual Data Conversion, 
Transformation, and 
Integration Tool 
by Altova 

MapForce: The premier data mapping, 
conversion, and integration tool from 
the creators of XMLSpy®. Through 
its visual interface, users can map 
seamlessly between any combination 
of XML, database, flat file, EDI, and/or 
Web service, then convert data instantly 
or auto-generate an application for 
recurrent transformations. Languages for 
code generation include: XSLT 1.0/2.0, 
XQuery, Java, C++, and C#. 



Telerik RadControls 

by Telerik 

Add grid, combo, editing, navigation and charting 
functionality to your AJAX and ASP.NET projects. 
RadControls for ASP.NET enhances your Web 
applications by adding AJAX functionality to your 
ASP.NET projects. The suite takes full advantage 
of the features included in Visual Studio 2005. 
RadControls for ASP.NET helps developers deliver 
feature-rich, standards-compliant (WAI-A, WCAG 
1.0, XHTML 1.1) and cross-browser compatible 
Web applications, while significantly cutting 
their development time. RadControls for ASP.NET 
includes: RadEditor, RadTabstrip, Radlnput, 
RadCalendar, RadUpload, RadWindow, RadAjax, 
RadGrid, RadCombobox, RadMenu, RadSpell, 
RadChart, RadTreeview and more. 
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VMware Management 
& Automation Bundle 

VMware Virtual Datacenter 
Automation is the first automation 
solution for the virtualized 
datacenter. It leverages the power 
of VMware Infrastructure to automate 
the previously manual and error-prone 
processes of IT Service Delivery and 
Business Continuity. IT Service Delivery 
represents the entire lifecycle for managing 
application infrastructure — from request, to 
deployment and eventual decommissioning. 
Business Continuity is ensuring fast, reliable 
and manageable recovery from disasters. 
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c-tree Plus® 

by FairCom 

With unparalleled performance and sophistication, 

c-tree Plus gives developers absolute control over 

their data management needs. Commercial 

developers use c-tree Plus for a wide 

variety of embedded, vertical market, 

and enterprise-wide database applications. 

Use any one or a combination of our flexible 

APIs including low-level and ISAM C APIs, simplified 

C and C++ database APIs, SQL, ODBC, or JDBC. 
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multi-user non-server applications or client-side Paradise # : 

application for FairCom's robust database server FO 1 1 3 1 

— the c-treeSQL™ Server. Windows to Mac to $7 1 1 99 

Unix all in one package. / I I • 
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TX Text Control 14 

Word Processing Components 

TX Text Control is royalty-free, 
robust and powerful word processing 
software in reusable component form. 

•. NET WinForms control for VB.NET and C# 
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• File formats DOCX, DOC, RTF, HTML, XML, TXT 

• PDF export without additional 3rd party 
tools or printer drivers 

• Nested tables, headers & footers, text 
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undo/redo, sections, merge fields 

• Ready-to-use toolbars and dialog boxes 
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Enterprise Architect 7.1 

Visualize, Document and 
Control Your Software Project 
by Sparx Systems 

Enterprise Architect is a comprehensive, 
integrated UML 2.1 modeling suite 
providing key benefits at each stage of 
system development. Enterprise Architect 
7.1 supports UML, SysML, BPMN and 
other open standards to analyze, design, 
test and construct reliable, well under- 
stood systems. Additional plug-ins are 
also available for Zachman Framework, 
MODAF, DoDAF and TOGAF, and to 
integrate with Eclipse and Visual Studio 
2005/2008. 

programmers.com/sparxsystems 

Multi-Edit 2008 

by Multi Edit Software 

Multi-Edit 2008 delivers, a powerful IDE, 
with its speed, depth, and support for 
over 50 languages. Enhanced search 
functions include Perl 5 Regular 
Expressions and definable filters. 
Supports large DOS/Windows, UNIX, 
binary and Mac files. File Sync 
Integration for: Delphi 6, 7, 2005, 
C++Builder 6, BDS 2006 and RadStudio 
2007,VB6,VC6,VS2003&VS 
2005. Includes file compare, code 
beautifying, command maps, and 
much more. 
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Tree view's Branch menu. 

As for branches, this release 
has new branch history capabil- 
ities, and allows administrators 
to restrict the ability to rollback 
branch promotes and rebases, 
preventing users from inadver- 
tently undoing large amounts of 
file changes. The Surround 
SCM refresh also adds the abil- 
ity to run multiple comparison 
windows by supporting multi- 
ple instances of the integrated 
Guiffy diff-merge utility. 

Working directories in Sur- 
round SCM 2008.1 can now be 
opened from within the tool's 
client to reduce the time spent 
looking for files on local 
machines. This can be done in a 
Linux or Solaris file manager, 
the Mac OS X Finder, or Win- 
dows Explorer. 

Meanwhile, things have 
proceeded apace with Seap- 
ine's tools for defect tracking 
and test planning. TestTrack 
Studio 2008.1 now allows mul- 
tiple top-level windows, letting 
users arrange and resize win- 
dows to suit their current 
work. A single parent view 
remains available for those 
who want to keep a tight rein 
on their screen real estate. 

The TestTrack Studio 
update includes so-called silent 
events, with the aim of stream- 
lining workflow by reducing 
unnecessary user interaction. 
The UI in this release has been 
reworked for efficiency, includ- 
ing the ability to resize toolbar 
icons and display toolbar but- 
tons with icons, text or both. 

New duplication options 
allow the use of test items as 
templates and the entry of 
multiple defects, test cases or 
test runs. History and work- 
flow data as well as file attach- 
ments can be cloned, making 
it easier to manage defects 
across multiple platforms or 
releases. TestTrack Studio 
2008.1 also adds the ability to 
work with PostgreSQL as a 
back-end database. 

The company also updated 
its QA Wizard Pro test 
automation tool to release 
2007.3, adding the ability to 
test applications built with 
Delphi for Win32 and .NET, 
and the ability to record and 
perform double-clicks on rele- 
vant controls. It also includes a 
line-by-line playback view of 
the execution, from either a 
playback status window or the 
Windows taskbar. I 




ujuIGV Ki; i]'i K.«i M ? Effij « *1M£ w«i'»;»i«tsJfV- 




The Professional Developer's #1 Choice for Qommun lea t ions, Security, & E-Business Components 



Internet Communications 



InternetBusmess 



Enterprise Adapters 



IP*Works! Products 

TCP/IP Secure SNMP 

SSL ZEp 

S/MIME EDIAS2 
S/ Shell 

Our fi agsMp product line. The result 
cf more than g decade of research 
and development in building Internet 
connectivity torts for professional 
software developers, 

Components for: Web and Wrob 
Services, Email and Me^a, FI*e Transfer, 
Sockets anasue&nfihg. Remote Access- 
Instant Messaging, SSL and Secure 
Shell 5acufity r Certificate Management 
& Creatlqn, S/MLrne En caption. SNWP 
Network Management, File a Streaming 
Compression, and E-Bjsiness(B3B). 



ISii Integrator Products 



QuIckSooks 


First Data 


E-Payment 


USPS 


E-Banking 


FedEx 


Vltal/TSYS 


Amazon 


Paymentech 


PayPal 



The I Biz product line provides s^ia 1 1 
and medium-sized companies with 
enterp^isc-cios5 software components 
fpr Internet business integration . Built 
on top of our award winning IP* Works I 
tools, these easy to use components 
enable developers to napldty irueg^aLe 
common business processes. 

Components for: Acctfun'.inB Integration 
{(Juiek&oote). Credit Card Proofing, 
A£H / E-ChecK Processing, Shaping aotf 
Tracking, Banking SFinancIa I Transac- 
itons, and Services Integration. 



BizTalk& SQL Server Adapters 



AS2/EDMNT 
SFTP/ FTPS 
XMPP [Jabber] 
SMS Paging 
A WS Integration 



G1SB/NAE5B 

OFTP 

Sec j re Shell 

Secure Email 



The /n software Adapters extend 
Microsoft BizTalk snd SQL Server with 
a d va need I niter net corn m u n irations,. 
security, and e-business capabFlitses, 
including robust, highly scalable^ fully 
integrated implementations of G2B 
messaging sod secure communica- 
tions protocols. 

Comfwnentefw EDHNT AS2 Inleg^tion, 
Secure Fit^ Transfer. Secure Shell Remote 
Execution,, Secure Email, RosetlaWet 
Connectivity, OFTF Integration, NAE5B/ 
CISB Messaging, and more. 



WWW.MSOFTWARE.COM - (ASK ABOUT OUR MSDN-STVIE ALL KWCLUSIVE RED CARPET SUBSCRIPTIONS] 



© software 







* *» 



/ 



V* f 



:i.iiiim til frurti I >!■■« ijrl itiur TiM "i:iiinriimr1ivrri< :i« im ' 1 — 3 tai ^rllrrlji -iji ■ ■ im ■■ -liH-i-Amuh^r'v^rJiji hufcmHH 
in^mMwdui mjul-u* L>- IrjiJni-u 1 -- L^rv-bf IBM M 3hii-:«T nfciL n:ulkri-*wfe f Jit' wl B^HIt^IhmbiP: mifutm: fci. inj__._l_ 



,' 



, * * 



< ' ' 




.INFRASTRUCTURE LOG 

_DAY 58: Our project teams ore working from too many different 
places. They can't work with each other the way they need to. 
How can we stay on top of our constantly tfiarvging development 
projects when everyone's 50 isolated? People might as well be 
working on another planet. 

_I know trie moon is not a planet,.. thanks, Rptndexter, 

_DA¥ 61: A truly better way to coVUibo rater IBM Rational Teem 
Concert. It' 5 built on the Jazz' 11 Technology Platform for 
real-time collaboration and grater productivity. It gives us 

complete visibility into our projects and keeps us all in sync 
no matter who's on which project or where they are. 

_Now we can support our local teams, Our global teams. Even 
our intergalactu teams . 



Download Rational Team Concert at. 
IBM.COM/TAKEBACKCONTR0UJAZZ 
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Coghead lets developers 
'slice' their applications 



BY ROBERT MULLINS 

Hosting Web applications for 
US$10 per user per month 
sounds like a bargain until the 
site gets popular and the costs 
shoot up. Platform-as-a-service 
provider Coghead has revised 
its pricing structure to appeal to 
application owners that have 
some end users only rarely 
accessing the application. 

Coghead announced in July 
that it is offering what it calls 
Coglet Builder and new APIs 
that will allow application 
developers to "slice off a por- 
tion of their application that 
much of their audience uses, 
but less often than other parts, 
said CEO Paul McNamara. 

Instead of paying $10 per 
user per month for application 
hosting, developers would be 
billed $50 per month for an 
unlimited number of users who 
use just a slice of the applica- 
tions, McNamara explained. 

McNamara gave the example 



of a wine distributor with an 
operations application for ship- 
ping, ordering from suppliers 
and other business functions. It 
may have just four or five 
employees using that application 
regularly, but other users also 
access it, though not as often. 
The distributor can peel off a 
slice of the application that's 
only of interest to retailers, such 
as ordering from inventory. Cog- 
head would charge the $50 a 
month to an unlimited number 
of users for that slice. 

In another example, a group 
that manages stock option 
accounts for a company's 
employees may have just a few 
people that use the application 
regularly, but it will want to 
peel a slice of the application 
off for the employees who just 
want to occasionally view their 
own accounts. 

These slices are the equiva- 
lent of the tiny widgets or gad- 
gets that sit on a Web site or 




Paul McNamara envisions an 
eBay-style app marketplace. 

desktop and perform a unique 
function like weather forecast- 
ing, tracking stocks or telling 
the joke of the day, said 
McNamara. 

The Coglet announcement 
follows a move by Coghead in 
April to launch an eBay- type 
marketplace, where develop- 
ers could create and then sell 
their applications for free. I 



GIZMOX MAKES SILVERLIGHT WEB GUI 



BY DAVID WORTHINGTON 

The developer of an open-source 
rapid application development 
framework is now using Sil- 
verlight at the presentation layer. 
The framework is built to create 
line-of-business applications that 
run on Microsoft's Internet 
Information Services Web server 

On July 16, Gizmox 
announced a feature complete 
beta of Visual WebGui (VWG) 
that has an extension to the 
VWG server allowing the use of 
Silverlight-based GUIs. 

VWG 6.1.2 integrates with 
Visual Studio 2003 through 



2008, adding a drag-and-drop 
designer for developing Web 
applications. Applications cre- 
ated with VWG can be accessed 
through multiple presentation 
layers, including ASP.NET, 
DHTML and Silverlight. 

IIS routes requests from a 
Web application to the VWG 
server component, which then 
serves up files required to 
stream the Silverlight UI. 

VWG can also migrate exist- 
ing Visual Basic 6 and Windows 
Forms applications to a Sil- 
verlight interface without a 
rewrite, the company claims. I 



Curl unleashes open-source data kit 

The Curl Data Kit project got 
under way last year, along with 
the company's open-source 
developer tooling and Web ser- 
vices efforts. Curl's Web Services 
Development Kit became gener- 
ally available earlier this year, and 
the Curl Developer Utilities pro- 
ject, which provides unit testing 
and project development fea- 
tures, is still an alpha release. All 
three are offered by Curl under 
the Apache 2.0 License and are 
hosted on SourceForge. I 



BY P.J. CONNOLLY 

Curl has announced the second 
part of its open-source initiative 
with the release of the Curl 
Data Kit. The project joins 
Curl's platform for rich Internet 
applications — now in its 6.0 
version — and allows the storage 
and retrieval of data with the 
SQLite engine. It can also be 
used with the company's Curl 
Nitro, an extension of the Curl 
RIA platform that is currently 
being beta tested. 



Green Hat 

Best practices in software testing are moving to the next level. No 
longer can organizations afford to rely only on products that simply 
test code. Smart enterprise managers want assurance of quality from 
the beginning to the end of the business process. That's just what 
Green Hat's suite of products automates for the SOA ecosystem.And 
that's what earned Green Hat — which acquired the Solstice Software 
business earlier this year — a place in the 2008 SD Times 100. 

Green Hat's automated testing technology makes a business 
more agile with reduced costs and time-to-market by assuring 
changes to business process that are necessary to compete, collab- 
orate and deliver customer service. 

"We have always been focused on the business process," says 
Madeline Bayliss, Green Hat's vice president of strategic partner- 
ships and marketing. 'Today's processes operate as complex inte- 
grated systems over a heterogeneous infrastructure. 
Quality goes beyond development defects. It means 
assuring expected results of interactions and 
transactions across the architecture, among all 
parties, and in compliance with any internal 
or external policies and standards." 

With operations in North America, 

Europe and Asia Pacific, Green Hat is 

the first truly global company with 




some of the largest enterprise clients in the world. 

Among them are most of the top-tier banks, leading 

telco and energy companies and a host of other 

diversified industries.That's because Green Hat continually delivers 

profitable innovation. 

"If your processes are working, they're generating revenue and 
satisfying customers," says Bayliss. "Our bottom-line value is to 
keep accelerating the degree of automation across the SOA life 
cycle. We invented simulation technology that virtualizes individual 
messages to entire environments. We've developed intelligence 
from test coverage and performance data that allows you to not 
just test, but also actually manage your business process results." 

Green Hat technology supports the broadest range of industry 
protocols, middleware and governance platforms and provides APIs 
for custom message formats. Vendor partners include FioranoMQ, 
IBM, Oracle BEA, Progress, Software AG andTIBCO.Their products 
even integrate with other testing 
tools to complement your 
investment in traditional code 
testing, as from HP, Compuware 
and IBM. Advanced automation 
means a fast on-ramp from install 
to deployment with the click of a 
mouse. Download a free trial at 
www.greenhatsoftware.com. (# 
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LUandisco 




Realizing the benefits of globally distributed software development 
can be difficult. Downtime, slow connection speeds, intellectual 
property protection and remote site administration all create barri- 
ers that are sometimes impossible to overcome. That was until the 
arrival ofWANdisco, named to the 2008 SD Times 1 00, the software 
development industry's annual listing of leaders and innovators. 

'This is recognition that WANdisco's unique technology pushes 
the limits of what can be achieved with systems deployed over a 
wide area network," explains David Richards, President and CEO of 
WANdisco. "By using WANdisco's replication technology, Fortune 
Global 1000 companies such as AT&T, Honda, NTT and Motorola 
can now develop software anywhere without any constraints." 

The top factor driving companies to purchase WANdisco's suite 
of products for Subversion, CVS and J IRA are high availability and 
disaster recovery. Because WANdisco's technology main- 
tains exact replicas of the data over a wide area net- 
work, then there is no downtime or data loss even in 
the event of a server failure, prolonged net- 
work outage or natural disasters such as 
floods, fires or earthquakes. 

"One of our customers had a build- 
ing destroyed during an earthquake in 




Chengdu, China, earlier this year," continues 
Richards. "They lost no data and suffered no down- 
time because the users who were working at that 
site were automatically failed-over to a server in a dif- 
ferent geographic region." 

The adoption of WANdisco's technology has accelerated in no 
small part due to the increasing popularity of Subversion and JIRA. 
"One of the major selling points we have is that there are no 
changes to existing systems. As a consequence, there really is no 
training or learning curve for users to start using WANdisco. In fact 
many end users don't even know that they are using WANdisco at 
all," Richards explains. 

WANdisco supports Subversion with Subversion MultiSite, Sub- 
version Clustering, Subversion High Availability and Subversion 
Access Control. JIRA users can benefit by deploying WANdisco's 
Clustering and MultiSite versions of the best-selling issue tracker, 
defect tracker and project management tool. WANdisco's products 
for CVS include CVS 
MultiSite, CVS High 
Availability, CVS Clus- 
tering and CVS Access 
Control. Learn more at 
WANdisco.com. (i 








WINNER'S PROFILE 



Rally 



With industry-leading Agile life-cycle management solutions, world- 
class Agile coaching and award-winning community support, Rally Soft- 
ware stands out from the competition. Rally's on-demand solutions for 
managing the entire software development life cycle are so good that 
Rally has been named to the 2008 SD Times 100 — the list of the soft- 
ware development industry's most innovative companies, in the devel- 
oper tools category. 

The reason for Rally's success is no secret to its enterprise-sized 
customer base; the company supports more than 400 corporate cus- 
tomers and has 20,000 active subscribers in more than 30 countries. 

"With a dedicated focus on Agile, Rally helps software organizations 

of all sizes incrementally adopt and scale Agile practices to shorten 

development cycles and collaborate across distributed teams," says Zach 

Nies, the company's vice president of products. "And Rally's solutions 

deliver deep support for all roles in the software development life 

cycle, so you can replace expensive and poorly integrated 

point tools with a highly secure, hosted Web service." 

In a recent third-party study, it was proven 
that Rally customer BMC Software had devel- 
opment cycles that were nearly three 
times faster than the industry average, 
with only one-quarter the expected 
number of defects. BMC also 
achieved 20% to 50% improvements 




winner! 




in individual team productivity by using Rally's Agile life- 
cycle management solutions. 

Rally's Community Edition is free for as many as 10 
users and provides effortless Agile project management for sin- 
gle release teams, including defect management. Rally Enterprise Edition 
delivers full-powered Agile project and program management, including 
hierarchical requirements management; test and defect management; and 
integration with development, test and build environments. 

To extend your existing enterprise tooling investments and reduce 
implementation costs, Rally also provides its Integration Hub. Rally's 
Integration Hub connects role-based tools in a common repository so 
timely information flows between all departments involved in the idea- 
to-delivery life cycle. 

Rally's end-to-end solutions for Agile development also include Agile 
University, the largest online source for Agile training, and Agile Com- 
mons, the largest collaborative Web 2.0 community dedicated to 
advancing software agility. 

"Rally's product road map is completely customer-driven," Nies 
adds. In a pioneering demonstration of customer-driven Agile develop- 
ment, Agile Commons includes a Rally User Community, where Rally's 
product road map is posted publicly, allowing 
customers to prioritize and collaboratively 
design upcoming feature enhancements. 
Learn more about Rally, Agile University and 
Agile Commons at www.rallydev.com.® 
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HP integrates portfolio stack 



BY DAVID WORTHINGTON 

Hewlett-Packard has extended 
its application life-cycle man- 
agement and IT service man- 
agement capabilities to include 
upstream CIO and project 



management. 

HP Project and Portfolio 
Management (PPM) Center 7.5 
became generally available July 
22 in both on-premises and SaaS 
editions. As part of the release, 



HP Education Services has 
added complementary courses 
that cover the skills needed to 
succeed with demand manage- 
ment and project management. 
The update adds automated 



workflows and team collabora- 
tion tools for deployments 
alongside Microsoft Project. In 
addition, HP has made changes 
to its demand management, 
portfolio management, project 
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management, resource man- 
agement and time management 
modules, said Ken Cheney, the 
director of product marketing 
for HP Software. 

PPM Center 7.5 is a key part 
of the company's broader busi- 
ness technology optimization 
portfolio — one that is being 
increasingly tied together and 
called BTO for short. 

HP has included what it calls 
new integrations with other 
BTO software, including HP 
Service Management Center, to 
provide visibility to helpdesk 
administrators; HP Quality 
Center, to provide visibility into 
the quality phase of a project; 
and HP Universal Configura- 
tion Management Database, to 
increase upstream visibility and 
to manage change. 

The purpose of the integra- 
tions, said Cheney, is to deliver a 
solution that bridges "islands of 
automation," with the goal of cre- 
ating a solution that helps busi- 
nesses coordinate across domains. 

Forrester research analyst 
Lewis Cardin wrote in a 2007 
report that integrated IT man- 
agement tools are a good fit for 
organizations that are getting a 
handle on their spending and 
that seek "the option of a full- 
service [project portfolio man- 
agement] solution to comple- 
ment the software." I 

KANNUU BETAS 
IPHONE SEARCH 

BY P.J. CONNOLLY 

A specialist in indexing and 
lookup has made its search 
tools available for iPhone appli- 
cation development. 

Last month, Kannuu 
announced the beta release of its 
software development kit for 
iPhone. The SDK includes sam- 
ple Cocoa library code, and 
according to the company, Kan- 
nuu-enabled applications adhere 
to Apples UI specifications. 

The UI presents users with 
what Kannuu calls an intuitive 
interface, where the four most 
likely characters in a search are 
presented via a directional con- 
troller. The company says that 
this eliminates many sources of 
user frustration, such as auto- 
complete, A-Z searches and 
having to pick through multiple 
menus and settings options. 

Kannuu expects that develop- 
ers who implement its search 
capabilities can increase the 
amount of content available to 
their mobile applications, creat- 
ing new search and find options. I 
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More coverage: Microsoft's Midori operating system 



< continued from page 23 

rich client applications and 
Web applications. 

Midoris applications would 
be created using .NET lan- 
guages that will be compiled to 
native code using the Bartok 
compiler and runtime system, 
which is presently a Microsoft 
Search project. The Bartok com- 
piler can typecheck machine 
code programs for programming 
errors thanks to its use of an 
intermediate typed language, 
according to the company. 

Microsoft's objective is to 
force developers to create appli- 
cations that are correct by con- 
struction, and it has repeatedly 
pledged to shore up the overall 
security of the operating system. 
The use of .NET languages in 
Midori will create a new, safer 
programming model with high- 
er-level reasoning, predicted 
Larry O'Brien, an independent 
analyst and consultant who 
writes the Windows & .NET 
Watch column for SD Times. 

Another advantage of using 
.NET languages is retargeting, 
O'Brien said. "A very smart 
compiler or runtime could 
move a calculation onto a GPU 
or distribute it across cores," he 
explained. 

However, O'Brien observed 
that some of the onus for mak- 
ing this work might end up on 
developers. The Midori docu- 
ments note, somewhat ambigu- 
ously, that applications were 
expected to "contain sufficient 
latent parallelism." O'Brien 
asked, "In a world where 
Moore's Law doesn't imply the 
speed of individual compo- 
nents, where does this expecta- 
tion come from?" 

The Midori design will also 
incorporate a type-safe abstrac- 
tion set based upon a .NET lan- 
guage in order to provide a sys- 
tem binary interface that will 
eliminate the current break 
between the operating system 
and virtual machine runtime. 

The abstraction set will 
eliminate an entire class of pro- 
gramming errors that stem 
from bad pointer arithmetic, 
enable the changing of the 
boundaries between privileged 
and unprivileged code, and pro- 
vide for universal application 
analysis and instrumentation, 
Microsoft reasons. 

The use of an abstraction 
set, said Hammond, "reflects 
the reality of programming 




Rudder may be heading the team. 

today: The vast majority of pro- 
fessional developers, especially 
those in IT and out on the Web, 
don't deal with low level con- 
structs. Unless you're a game 
developer, ISV or systems pro- 
grammer, there really isn't the 
need to do pointer math." 

Hammond says Microsoft 
should create a programming 
model that "mere mortals" 
could actually understand, akin 
to the early days of Win32 
when Visual Basic was born. 

Even though memory safety 
and type safety are deeply inte- 
grated into Midori's design, 
Microsoft hasn't determined 
just how low to permit the Bar- 
tok runtime to delve into the 
kernel, or alternatively, whether 
it will allow some unmanaged 
processes to rely on Midori's 
hardware address spaces. 

The company also acknowl- 
edges that thread safety 
remains elusive, and it is inves- 



tigating transactional memory 
as a proposed solution. O'Brien 
noted that there is significant 
indecision in the program mod- 
el. "On the one hand, the 
phrase 'strong notions of 
immutability' has serious impli- 
cations if meant formally, but 
elsewhere we see 'thread safety 
remains elusive' and a laundry 
list of things that might con- 
tribute to a solution," he said. 

Backwards compatibility 
with legacy applications and 
hardware has also been consid- 
ered; several Midori compo- 
nents already run on Windows 
as well. 

THE FUNDAMENTALS 

Unlike Windows, Microsoft 
intends for Midori to be com- 
ponentized from the beginning 
to achieve performance and 
security benefits. It will have 
strong isolation boundaries and 
enforced contracts between 
components, to ensure that ser- 
vicing one component will not 
cause others to fail, while keep- 
ing overhead minimal. 

Midori has two separate ker- 
nel layers: a microkernel com- 
prised of unmanaged code that 
controls hardware and environ- 
ment abstracts, and higher-level 
managed kernel services that 
provide the full set of operating 
system functionality. 

The OS will have a single 
scheduling framework for all 
device types, known internally as 
the Resource Management 
Infrastructure. RMI will have 
provisions for resource account- 



ing, quotas and management; 
resources including IO band- 
width, memory, power and 
response time will be monitored. 

Microsoft believes that pow- 
er-based scheduling will be par- 
ticularly useful for mobile 
devices. It is considering creat- 
ing a layered, thin platform for 
such devices, but it remains 
unclear how far the company 
can go with a single code base. 

The device ecosystem will 
affect how Microsoft imple- 
ments storage, perhaps by teas- 
ing functionality out of the OS 
and moving it into distributed 
services, with parts of the ser- 
vice running on the device. 

"In this scenario, you estab- 
lish Midori not so much as a 
replacement for Windows," 
Hammond noted, "but as the 
hub of a new type of distributed 
system, which Windows 
machines connect into until 
they are no longer needed," in a 
fashion similar to IBM's multi- 
year transition path for moving 
its iSeries customers to pSeries 
and xSeries platforms. 

Hammond went on to fore- 
cast that there will be a deluge 
of mobile devices introduced 
over the next several years built 
with similar hardware, but with 
a range of different power and 
form factors. 

Microsoft also envisions 
higher-level opportunities for 
storage, including compliance, 
compression, consistent repli- 
cation, computation close to 
data, encryption, indexing and 
search, as well as storage in the 



cloud. Midori provides a built- 
in multi-master replication for 
complex data. 

Scheduling, a process that 
allows multiple processes to run 
on the processor at the same 
time, will be integrated in 
Midori at the user-mode appli- 
cation level, from both the 
desktop and across distributed 
applications in the cloud. Its 
distributing scheduling may 
include active task migration, 
an activity that today is per- 
formed by hypervisors. 

Notably, Midori's scheduling 
may provide hooks for third 
parties to integrate software 
that asynchronously updates 
scheduling tables. 

The intention is to enable 
developers to create collabora- 
tive Web-like applications, such 
as active documents, that oper- 
ate safely and securely at the 
OS level. Resource quotas will 
be used to prevent denial-of- 
service attacks. 

"This is the second attempt 
at re-implementing OS schedul- 
ing that I've seen announced in 
as many months," Hammond 
remarked. "[Steve] Jobs talked 
[at the Apple Worldwide Devel- 
opers Conference on June 9] 
about how Snow Leopard was 
going to have a new scheduling 
framework that would make 
take advantage of multicore eas- 
ier for OS X developers. This 
seems to reach similar conclu- 
sions, and then take it to the 
next step in terms of scheduling 
flexibility," he added. I 



SHAREPOINT TECHNICAL CONFERENCE ANNOUNCED 

Classes, workshops tailored to IT pros, business people, developers 



BY DAVID RUBINSTEIN 

It started out as a tool for collaboration. 
But Microsoft Office Share Point Server 
and Windows SharePoint Services have 
moved to the very heart of the enterprise, 
involving developers, systems administra- 
tors and executives alike in the creation 
and deployment of new business solutions. 

In fact, the technology is gaining such 
widespread adoption that a shortage of 
workers with SharePoint expertise appears 
to be growing. 

To help bring IT up to speed, Software 
Development Times publisher BZ Media 
is announcing SPTechCon, the SharePoint 
Technical Conference, to be held Jan. 26 
to 28 at the Hyatt Regency San Francisco 
Airport Hotel in Burlingame, Calif. BZ 



Media also produces the successful Soft- 
ware Test & Performance Conference, 
FutureTest and the Java-centric Eclipse- 
World conference. 

The three-day conference is the only 
one of its kind to include classes and work- 
shops for IT professionals, business ana- 
lysts and developers, and it will be divided 
into three tracks of classes and workshops 
accordingly. Each presenter at the confer- 
ence will be a true SharePoint expert, with 
many drawn from Microsoft's tech teams 
or from outside authorities with MVP sta- 
tus. In all, more than 40 practical sessions 
will be offered. 

Day One of the conference will consist 
of half-day or full-day workshops, while 
the next two days will feature keynotes 



and technical classes, as well as some 
social events that will provide attendees 
with a chance to speak with experts in a 
more casual setting and to exchange infor- 
mation with their peers. 

"SharePoint is more than an applica- 
tion — it's a strategic corporate platform 
that touches many aspects of a company's 
information strategy, just like an enterprise 
database, ERP system or customer rela- 
tionship management system," said Alan 
Zeichick, co-founder of BZ Media, which 
also publishes Software Development 
Times. "SPTechCon addresses an impor- 
tant need: training IT managers, adminis- 
trators and professionals about SharePoint, 
and also bringing case studies and business 
ideas to corporate managers." I 



Are you new to SharePoint? 

■ Have some experience, but are looking for more? 

■ An expert looking for advanced skills? 

If you answered "yes" to any of these questions, 
then SPTechCon is for you! 
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SPTechCon offers a deep dive into the 
architecture, and provides practical classes on 
iuch SftarePoint-centric features 35 Web parts. 
lists and pages. 

Learn hew to create applications for ShanePoinl 
that solve real business problems, and also see 
what kind of third-party applications have already 
been created to run 0*1 lop of SharePoinl. 



For more information, go to WWW.SptechCOn.COfTl 
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"...the first full-featured Web CMS 
built entirely on .NET." 

-Brice Dunwoodie, CMSWire 03/22/04 



Integrate with Visual Studio 

With the Ektron CMS400.NET platform, you can build flexible .NET applications 
in VB.NET or C# using Visual Studio, taking full advantage of comprehensive 
Ektron-specific Intellisense. 

Customize your solution 

Start from scratch and build custom .NET user controls using Ektron's API to 
meet the demands of a specific project. 

Jump start your project 

Ektron has pre-built an extensive collection of server controls that allow .NET 
developers to quickly deploy core content management and Web site 
functionality. 

Integrate seamlessly 

Ektron CMS400. NET'S standardization on the .NET framework and extensive 
support for Web services allows for seamless integration into an existing IT 
infrastructure. 

Hook CMS events 

Ektron's plug-in architecture allows you to create custom event handlers, 
triggered by Ektron CMS400.NET events, to manage specific processes in your 
.NET Web application. 
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he very best practice in software development may well be to 
embrace the understanding that there is no single "best" way 
Everyone does their best a little differently: reducing pages of hand- 
written notes to a few equations, the implementation of which is triv- 
ial; writing a program on the couch while a football game plays in the 
background; rolling out new features month after month; or participating 
in an enterprise-wide rollout that takes 18 months to plan and deliver. All 
of these might be one's "best" experience, but all of them are developed in 
very different ways. So, let's narrow things down a bit. 
Corporate development is that of software built for commercial purposes, but not for direct 
resale. It may generate value directly, as in a Web storefront, or indirectly, as in supply chain coor- 
dination, but at its core it is in service to the company's bottom line. Corporate development 
embodies significant domain knowledge and business rules; this creates a characteristic combination 
of logic that's "so obvious, no one's ever stated it" and, likewise, it's "not understood but has to be 
implemented to stay competitive." 

There's typically a Web component to such software, but 100% compatibility with all the world's 
browsers and OSes is not usually a concern; a requirement to use IE or even a beta version of Silverlight 
may well be acceptable if it delivers high value. 

Speed of development is the final sticking point for corporate development. All corporate development teams 
have a backlog. Even — maybe especially — in companies that don't consider themselves in the business of software 
development, time to develop and time to deploy are often the two factors that control the rate at which the com- 
pany can seize new opportunities. So there is always a continued on page 36 ► 
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.NET TO THE FUTURE 



< continued from page 35 

premium on high productivity in corpo- 
rate development. 

But in opposition to high productivi- 
ty is risk: risk of major delay, risk of a 
show-stopping technical incompatibility, 
or risk of embracing a tool or technique 
that is reaching the end of its evolution. 
Such risks can have huge costs, and it's 
very reasonable for project managers to 
make conservative decisions, especially 
when it comes to critical infrastructure 
components. (Prototypes, one-off con- 
version programs and administration 
automation are, in contrast, places 
where there is less risk in exploring new- 
er technologies and techniques.) 

CASE(MICROSOFT) 

In the corporate world, the two main- 
stream choices for development are 
Microsoft's technology stack and a Java- 
centric technology stack. The LAMP 
(Linux-Apache-MySQL-PHP) stack is 
not uncommon, especially for store- 
fronts or other customer-facing facilities. 
And even though dynamic languages 
such as Python and Ruby are unques- 
tionably entering the mainstream of cor- 
porate development, they probably still 
remain a little bit on the risky side. 
For most shops, the choice of platform 



was made years ago. Switching stacks car- 
ries with it a very significant risk, with a 
certainty of retraining and retooling costs, 
and a near-certainty of rewriting costs. This 
can be mitigated by the use of tools such as 
JNBridgePro from JN Bridge, which allows 
Java code to run on top of Microsoft's 
Common Language Runtime (CLR). 

If you're on the Microsoft platform 
and doing corporate development, it's 
essentially a given that you ought to be 
developing for the .NET Framework and 
CLR. The main languages for .NET pro- 
gramming in a corporate environment are 
C# and Visual Basic. Again, while there is 
a great deal of talk here and online about 
alternative languages that range from F# 
to Ruby to Erlang, choosing one of these 
off-brands for core development would 
still be considered a high-risk move. 

Microsoft's IronPython is "first 
among equals" of these emerging lan- 
guages, and it's a safe bet that lots of 
stuff to be shown at the upcoming Pro- 
fessional Developer's Conference — 
scheduled for Oct. 27-30 in Los Ange- 
les — will be driven by it. The 
combination of Python and Silverlight 
can be dazzling even before considering 
what will be unveiled at PDC, so even a 
conservative manager would do well to 
find some small project in which to 
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explore these technologies. 

The most difficult technology choice 
on the Microsoft platform today may well 
be which UI framework to use for brows- 
er-based applications. The conservative 
approach has a minimalist elegance, with 
ASP.NET pages that have a high degree 
of separation between cascading style 
sheets, content written with HTML and 
calls made to specific rendering func- 
tions. On the other hand, Microsoft's 
ASP.NET Model-view-controller frame- 
work, now in its third round of preview 
release, has come on like gangbusters. At 
this point, ASP.NET MVC seems to have 
passed every test regarding high produc- 
tivity and has a nice design, a good pro- 
gramming model and a fairly high num- 
ber of developers working in it. 

When talking about a browser-hosted 
interface that needs to be dynamic, 
there's always a temptation to move 
away from the kludge-y mess of HTML 
and JavaScript known as AJAX and 
toward the use of a truly dynamic "black 
box" that runs inside the browser. Adobe 
Flash has dominated this world for a 
decade, and one can assume that it's uni- 
versally installed. As beloved as it may 
be by graphic designers, Flash remains 
difficult to program, notwithstanding 
recent advances from Adobe. 

In sharp contrast, Microsoft's Sil- 
verlight technology has an outstanding 
development story. Designers can use 
Microsoft's Expression tools for graphical 
workflow, while developers use the famil- 
iar and powerful features of Visual Studio. 
For the UI, Silverlight uses the Windows 
Presentation Framework, for which there 
are many excellent educational resources. 

The need to install a runtime has 
until now been a legitimate obstacle to 
the adoption of similar tools, but Sil- 
verlight appears to have achieved its goal 
of a small download and a speedy install. 
In a corporate environment — especially 
a Microsoft-powered one — it's hard to 
see the runtime installation being a bar- 
rier to Silverlight. 

TAKE SMALL STEPS 

One of the few practices that can be rec- 
ommended without caveats is incremen- 
tal delivery. There is simply no legitimate 
debate on this: The best way to deliver a 
beautiful and appreciated piece of soft- 
ware in 12 months is to deliver an ugly 
and insufficient piece of software in two 
months, a slightly less ugly and insuffi- 
cient delivery two months after that, and 
so on. That doesn't necessarily mean that 
one actually deploys the software broad- 
ly; the training costs and process changes 
could be prohibitive. But the feedback 
from real customers that are looking at 
real data and seeing real application flow 
is invariably both infuriating ("We talked 
about that specifically!") and gratifying 
("You like it! You really like it!"). 



Some developers would say that two 
months is 59 days too long. Although 
truly continuous deployment to a repre- 
sentative user may have advantages such 
as a higher emotional investment, deliv- 
ery cycles of a month or two serve two 
purposes: first, to perform the crucial 
functions of reassuring the client that 
progress is being made; and second, to 
catch major mistakes before any great 
investment has been made. 

Two months is probably pushing the 
outer limits of an incremental delivery 
cycle; in an unscientific poll I recently 
conducted on my Web site, a delivery 
cycle of 60 days or less was one of the 
highest-rated practices, while longer 
delivery cycles were the lowest rated. 

Incremental delivery has additional 
benefits. Until recently, the process of 
deployment — compiling all the sources 
from scratch, creating all the websites and 
virtual directories, installing and initializes 
the databases, and so forth — was not given 
a great deal of attention, and was often a 
source of delays and misery. Short delivery 
cycles force teams to give deployment its 
due. With customers getting deployments 
every few weeks, it's hard to ignore the ben- 
efits of continuous integration (CI) tools 
such as the Team Build 2008 component of 
Microsoft Team Foundation Server (or 
from FOSS such as CruiseControl.NET, 
available at confluence, public 

.thoughtworks.org/display/CCNET). 

Under shorter development cycles, it 
becomes less clear that the formal disci- 
pline of project management, with its 
associated Gantt and PERT charts, is 
appropriate. Tools such as Microsoft 
Project, although powerful, do a poor 
job of modeling software development. 
Software development is not just cyclical 
but recursive, or perhaps fractal; tasks 
are composed of subtasks that them- 
selves maybe composed of further tasks. 
Formal project tracking was likewise not 
terribly popular with the self-selecting 
people who answered my poll, coming in 
at the low end of the "moderately impor- 
tant" practices. 

Software development generates a 
tremendous amount of discrete tasks, and 
short delivery cycles require constant 
monitoring and triage of features, defects 
and improvements. Visual Studio Team 
System has built-in support for Outlook- 
based task tracking and a offers a config- 
urable project portal for viewing the 
resulting data. Atlassian's JIRA is another 
highly regarded tool for managing project 
tasks, but it does not have the tight inte- 
gration with Outlook of VS Team System. 

Yet another benefit of incremental 
delivery is that it promotes the creation of 
software modules rather than a monolith- 
ic application that has many internal mov- 
ing parts. Practitioners don't fret nearly as 
much as they did a decade ago about 
continued on page 38 ► 
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application architecture, and "big 
design up front" is considered an 
epithet, not a compliment. 

Instead, there's a general 
willingness to rely on SOA, 



which Sam Gentile, a speaker 
and independent consultant, 
says emphasizes "encapsulating 
application logic within atomic 
services that interact via a com- 
mon communications proto- 



col." The focus, Gentile notes, 
is on the message rather than 
"the implementation, platform 
or runtime of the service itself." 
SOA is not linked to any 
technology stack, but Microsoft 



certainly encourages developers 
to use Windows Communica- 
tion Foundation (WCF). Others 
would say that the World Wide 
Web itself has proved HTTP to 
be robust enough for, well, the 
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Web, and that one should marry 
HTTP with the Webs REST 
architectural principle for guid- 
ance. (WCF supports RESTful 
approaches, but the vast majori- 
ty of REST discussions assume 
HTTP transport.) 

Despite all the talk of soft- 
ware product lines and software 
factories, most corporate soft- 
ware development is done in 
the service of one or a few soft- 
ware applications. To the extent 
that new projects come along, 
they are more often integration 
projects rather than green-field 
opportunities. Accordingly, the 
week-in, week-out reality of 
corporate development teams is 
spent in the construction phase. 

This is where unit testing, 
the signature "better practice" 
of the new century, has taken 
hold. Unit testing is the practice 
of continually adding large 
numbers of small, self-con- 
tained tests that directly exer- 
cise functionality — for instance, 
that a sub-total and taxes cor- 
rectly sum to a total. "Test run- 
ner" programs or libraries, 
rather than starting from 
scratch and running the whole 
application for every test, load 
only the classes necessary to 
exercise the functionality. 
Whereas a black-box test that 
runs an application by simulat- 
ing mouse-clicks and text entry 
might take minutes to reach a 
feature, a unit test of the same 
feature might be expected to 
load and execute in under a sec- 
ond. There are several test run- 
ners available for .NET devel- 
opers: Visual Studio 2008 
Professional Edition now 
includes unit-testing support 
formerly only available in VS 
Team System, while NUnit 
(www.nunit.org) is a popular 
FOSS alternative. 

The key process innovation 
of unit testing is that it puts 
quality front and center in the 
development process, rather 
than leaving it as someone else's 
job. The intensely detail-orient- 
ed nature of programming 
makes it all too easy for devel- 
opers to accomplish a difficult 
sub-task and wrongly conclude 
they have finished their work. 
Without automated testing, 
developers will often test mere- 
ly a single path through the 
code, or even make a change 
without testing because it "must 
be" the problem. After a short 
learning curve, unit testing is 
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widely perceived as speeding up 
programmer productivity by 
increasing turnaround and con- 
fidence in one's changes. 

Unit testing is closely associ- 
ated with an emphasis on writ- 
ing the minimal amount of code 
needed to satisfy the task or test 
at hand, in direct contrast to the 
emphasis on program structure 
that prevailed in the 1990s. The 
phrase "You Ain't Gonna Need 
It" (YAGNI) is associated with 
the emphasis on functioning 
code and was the highest-rated 
practice in my poll. The tri- 
umph of YAGNI is in many 
ways a vindication of 
Microsoft's long-held philoso- 
phy that code, not bubbles and 
arrows, is what's most impor- 
tant about a program. 

The problem with YAGNI is 
that good programs need 
abstractions and generaliza- 
tions. You don't want to have a 
shipping-charge function that 
works with US dollars, another 
that works with Canadian dol- 
lars and a third that works with 
euros. YAGNI needs to be 
paired with the talent and abili- 
ty to refactor an initial imple- 
mentation into a more general 
one. Therefore, YAGNI ought 
to be paired with DRY ("Don't 
Repeat Yourself), a phrase 
intended to capture the prac- 
tice of refactoring towards gen- 
eralities. Although Visual Stu- 
dio 2008 has a handful of 
automatic refactoring func- 
tions, third-party applications 
such as DevExpress' Refactor 
Pro and JetBrains' ReSharper 
provide an embarrassment of 
riches when it come to restruc- 
turing code. 

This brings us back to CI, 
another top-scorer in my poll. 
CI tools hook into the version 
control system and activate a 
build script every time a check- 
in takes place. CI as practiced 
today is not just about making 
sure that all the code compiles, 
links and loads, but is almost 
always thought of as involving at 
least "smoke tests" that ensure 
that the system is responsive to 
basic inputs. (Incidentally, ver- 
sion control is not listed as a 
best practice, because if your 
team isn't using version control, 
you have bigger worries than 
what practices are best.) 

In a team combining these 
top-scoring practices of incre- 
mental delivery, unit testing, 
YAGNI, DRY and CI, there's a 



natural rhythm of expressing a 
task's requirements as a series of 
unit tests, and as new unit tests 
are created and passed, doing an 
increasingly rigorous version 
control check-in. Since unit tests 



are relatively small and discrete, 
it becomes rare to have a day 
pass without seeing a check-in 
from every active developer. In 
such teams, program managers 
no longer have to fear program- 
mers "going dark," but instead 
have to come up with ways to 
manage a relatively high volume 
of incoming task-related data. 



Burn-down charts and related 
techniques use such data to pro- 
vide better tracking and delivery 
estimation than has generally 
been achievable in the past. 

Microsoft, of course, provides 
a tremendous amount of guid- 
ance on both specific technolo- 
gies and development processes. 
There are the half-demonstra- 



tion, half-prescription (but often 
quite complex) .NET Applica- 
tion Blocks, the "patterns & 
practices" developer center 
(msdn.microsoft.com/en-us 
/practices), MSDN, conferences, 
etc. These resources corral the 
thinking of many of the very top 
minds in the development corn- 
continued on page 40 ► 
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munity. However, Microsoft's 
understandable promotion of its 
own emerging technologies can 
make it very difficult to properly 
weigh the risk associated with 
them. After all, MSDN is not in 
the habit of saying, "This library 
is more complex than it should 
be," or, "To be honest, this third- 
party tool is better than 
Microsoft's." 

The self-named "ALT.NET" 
community has coalesced in the 
past year or so to represent a 
point of view that embraces the 
Microsoft platform for develop- 
ment, but it is more ready to 
acknowledge the benefits of 
third-party and FOSS tools and 
libraries. Unfortunately, the 
clear benefits of such a view- 
point have been drowned out 
recently by a kerfuffle over the 
appropriateness of the tone of 
some community members. 

Although some voices in the 
ALT.NET community may be 
overly confrontational and holier- 
than-thou, it's generally a good 
source for independent voices 
speaking to important issues. 



People who care deeply 
about building great software 
and delivering value to cus- 
tomers will always have strong 
opinions. There are too many 
failures, too many myths and 
too much complexity for it to be 
otherwise. In the short history 
of our profession, what has 
been considered the best in one 
decade has generally fallen by 
the wayside in the next. 

Agility is this decade's buzz- 
word for the ability to rapidly 
deliver value, especially in the 
face of a changing competitive 
environment. In contrast to pre- 
vious approaches, what many 
now view as better practices put 
one both closer to the code and 
closer to the customer. This is 
not to say that there is no place 
for object diagrams and the 
occasional Gantt chart, but a 
higher value is placed on daily 
progress and delivering a better- 
than-last-time application to the 
customer as frequently as possi- 
ble. The conclusion remains that 
the best way to run a marathon is 
to concentrate on putting one 
foot in front of the other. I 



An informal poll on Larry O'Brien's Knowing.Net explored the timely question, 
"What practices do you consider most essential during software construction?" 
Respondents ranked the practices on a scale from 1 to 5. 

Emphasis on functioning code (YAGNI) 4.18 1 

Unit-testing 4.14 

Continuous integration 4.13 



Delivery cycle 2 months or less 3.91 I 

Emphasis On COde aesthetics (style guidelines, modularity, DRY) . . . 3.72 

Code reviews 3.42 T 




Developer team with flat "hierarchy" 3.38 [" 

Reguirements analysis / usability 3.38 T 

Scenario / use-case based development 3.37 I 

Dedicated QA staff 3.32 [ 



Developer co-location (non-distributed) 3.25 |" 

Emphasis on 3rd party components / libraries / frameworks . . 3.03 T 
Language choice 2.85 F 

Developer team with strong hierarchy (chief programmer model) 2.81 [ 

Emphasis on internally developed components 

/ libraries / frameworks 

Formal project tracking (dependency tracking 

/ scheduling via Gantt / Pert charts or eguivalent) 

Software cost estimation (function points, 

delphi method, planning game) 2.23 

Delivery cycle 6 months or less, but greater than 2 months. . . 2.00 
Delivery cycle greater than 6 months 1.16 



2.61 [ 
2.56 F 
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Battlestar Midori 

We are delighted to hear that Microsoft Research is hard at work on 
a new operating system. Known as Midori, the new OS is a radical 
departure from the more-is-better Windows platform. If Midori appears 
in the form described in technical documents we've acquired, it will be 
exactly what many IT managers have been hoping for. 

Windows is simply unprepared for a dangerous, tightly interconnect- 
ed world. The original Windows New Technology code base came from 
a day when the only enterprise networks were slow LANs with few 
resources beyond shared printers. Today's personal computers live in an 
entirely different world, with faster processors, tremendous quantities of 
memory, sophisticated applications, overlapping APIs, managed and 
unmanaged code, SOAs — and a very dangerous Internet. 

While Windows Vista presents a safer, more secure environment than 
its predecessors, only the most die-hard Microsoft apologists would 
argue that its incredible complexity represents the pinnacle of desktop 
operating system technology. 

In the past, Microsoft has always made each version of Windows big- 
ger, not smaller. The planned successor to Windows Vista, code-named 
Windows 7, continues that evolution. But just as the giant dinosaurs were 
eventually replaced by small mammals, so too we can hope that today's 
overblown Windows platform will be replaced by a smaller, faster, lean- 
er desktop OS that's optimized for tomorrow's computing challenges. 

It's too soon to speak about the evolutionary path from Windows to 
Midori (or something like Midori). There are many technical challenges 
that Microsoft still has to overcome. Customers and partners may balk at 
anything that affects compatibility with legacy hardware or software. Yet 
we have no doubt that this is the right direction for Microsoft to pursue. 
Indeed, in March 2006, SD Times editorial director, Alan Zeichick, 
called upon Microsoft to develop an operating system along similar lines 
to Midori (see "Break With the Past," tinyurl.com/5zrwae). 

As the saying goes in Silicon Valley, if you don't eat your own children, 
then some else will. An operating system like Midori will displace Win- 
dows some day. Will it be Midori? Maybe, maybe not. Hoewver, it's in 
Microsoft's best interest to make sure that they deliver Midori — before 
someone else does. 

IBM's savvy Hog deal 

IBM is getting great reviews for its recent move to acquire business 
rules software maker Hog for US$338 million. Although SAP made 
another rules company acquisition last year, Hog is the big fish in the 
market that IBM is reeling in. 

Business rules software is a relatively new market, so perhaps a primer 
is in order. 

Business process management (BPM) is a generic term for the proce- 
dures a business establishes to serve its customers. When a customer 
buys something, a purchase order goes to the warehouse and a product 
is delivered. It's also become a technology term for BPM software 
offered by IBM, Microsoft, Oracle and the other usual suspects. 

Business rules management (BRM) software, on the other hand, 
works within a BPM — or SOA — environment to enable an organization 
to automate rules decisions. Someone writes the business rules and then 
executes them using a business rules engine. The beauty of BRM is that 
when the rules change, the application doesn't need to be rewritten. 

If a bank changes the rules for lending money because the market 
has turned, those changes in underwriting criteria can be adjusted 
automatically. 

As IT systems are called on to do more for businesses, companies turn 
to suppliers like IBM for a BRM solution, and the company either has to 
build a solution or, as IBM is doing, buy one. Look for more acquisition 
activity and consolidation in this space; the Hog deal is certainly not the 
last word in this increasingly important market. I 



Sometimes SOA works, 
but mostly it does not 



SOA Watch 



Recently, Burton Group told it like it is: 
They revealed information from their 
recent SOA survey, including that SOA is 
working in some instances. But in many 
more instances, companies are struggling. 
And, as you may have guessed 
after following this column, its 
not the technology but the peo- 
ple who are hindering progress. 

Indeed, according to Bur- 
ton Group vice president and 
research director Anne 
Thomas Manes, many compa- 
nies had nearly perfectly exe- 
cuted SOA implementations. 
However, this good news was 
quelled by the fact that in 
many other instances the initiative had 
yielded no increased agility, quicker time 
to market or project savings, because the 
business had no idea what was going on, 
SOA or no SOA. 

Moreover, the study also found that 
users who break down corporate barriers, 
such as office politics, have a tendency to 
succeed, as do those who install proper 
governance and involve the business. 

Summary: Work through your issues, 
consider the business and drive systemic 
change, and you'll reach SOA nirvana. 
No tricks about that. 

Also, note that changing out the exec- 
utive team and altering the culture is nec- 
essary for success. In some cases, the 
mere changing of the CIO caused the 
culture to change in support of SOA, and 
thus increased chances for success, if not 
guaranteed it. This is consistent with my 
experience as well; with new, more inno- 
vative management, they bring in people 
who are also innovative and thus alter the 
culture to prepare for the systemic 
change that defines SOA. Indeed, if 
you're able to surround the notion of 
SOA with a business understanding, and 
people who understand the value and 
support its creation, then you're 80% of 
the way there . . . the technology is easy. 

On the downside, SOA does not 
seem to work for many companies. Bur- 
ton Group found a 50% complete failure 
rate in the 20 companies studied, and 
another 30% were considered neither 
successful nor wholly failed. The results 
of the studies showed that many of the 
companies had indeed completed many 
"SOA" projects, but these projects were 
focused in a single instance of an inte- 
gration problem, typically just exposing 
many Web services, which does not do 
much good. They are doing EAI (Enter- 
prise Application Integration) really, and 
not SOA. There is a huge difference. 

Other good data points from Burton 
Group, especially Anne Manes, included 
the failure factors around SOA: 




*- - 1" ■ 



Lack of defined service models. 
Infrastructure focus. 
Governance only of SOAP-based sys- 
tems, if that. 

Failure of developers to leverage the 
runtime governance in place. 

• Initiatives led by and solely 
involving the app dev 
group. 

• Road maps lacking specificity. 

• Inability to measure ROI. 

• Project-centric culture. 

• An "I'm special" attitude. 
You've seen me address 

most of the above in this col- 
umn. However, generally 
} MM speaking, SOA is not tactical. 
You need to consider the people and you 
need to consider the business. SOA is 
holistic and systemic to the business. 
SOA is not a project; it's a journey. SOA is 
not integration; it's architecture. SOA is 
about business agility, not governance or 
other technology. 

Specifically, SOA is about the proper 
understanding of the business. Put valid 
and well-formed plans around that 
understanding first, and only after that 
should you buy your technology solu- 
tion. Most of IT out there does not think 
strategically, and thus it's an endless 
array of tactical projects solving specific 
tactical problems; that actually makes 
things worse. What's needed is some- 
body to drive change within those com- 
panies, but that's typically something 
people don't have the political will to do. 

Thus one of the things that Burton 
discovered was that changes to innovative 
leaders often lead to success with SOA, 
and I suppose other aspects of IT as well. 

Key to the success of SOA is the link 
between IT and business, which is some- 
thing that rarely exists. Indeed, within 
most of the companies I've worked with, 
there seems to be a chasm between the 
two, leading them to no productive ends. 
Only good leadership and the willingness 
to bounce people out of there who are 
obstacles to change can fix this. I've had 
to do that many times in my career, and 
while difficult and disruptive, it is often 
the only way to fix things in the long run. 

What is most surprising to people 
who follow the information from Burton 
is that SOA is not a technology concept, 
but more of a notion of change. As I stat- 
ed above, once you understand your own 
issues, then the solution is an obvious 
end state. Thus, those who argue SOA 
governance approaches and service 
design concepts first need to ground 
themselves with their own realities. I 

Reach analyst David S. Linthicum at 
david@linthicumgroup. com. 
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The rise of IT Specialists 



As IT infrastructures have evolved 
over the last four decades, moving 
from a mainframe-centric model, to two- 
and three-tier client server models, and 
finally to today s very diverse and complex 
distributed computing model, so too have 
the key technical people who sell, build, 
integrate and manage these IT systems. 

Back in the old mainframe days, the 
glass partitions that separated 
the team of IT Specialists 
from the businesspeople rein- 
forced the concept that the IT 
folks "behind the glass" were 
and different. Could they only talk in 
bits and bytes? Could they only speak 
about "direct access storage device rota- 
tion access speeds," "mean time to fail- 
ure," and a host of other IT concepts, 
but little else from a business perspec- 
tive? More often than not, the answer to 
this question was an emphatic "yes." 

During the mainframe era, applica- 
tions were simpler. IT leaders were pri- 
marily concerned with technology and 
technical concepts for themselves rather 
than whether or not they provided value 
to the business. 

Fast forward to the early 1990s. The 
client-server model introduced greater 
complexity to computing: distributed 
applications, data residency spread 
across platforms and two-phase commit, 
to name a few. Beginning with client- 
server models, IT Specialists started 
becoming more involved in business and 
business became more involved with IT. 

In contrast to the client-server era, 
todays IT environment is even more 
complex, and the business and IT peo- 
ple now must function together as seam- 
lessly as IT must be integrated with 
business processes. 

So who is ultimately responsible for 
todays IT environments? The builders, 
integrators and managers of these highly 
complex infrastructures. Todays IT Spe- 
cialists have to bridge the gap between 
business functions and departments 
while maintaining the technical exper- 
tise to architect, develop and manage 
the IT environment. 

Perhaps it's our own misperception of 
what business people think of highly 
technical IT Specialists, but the profes- 
sion is still plagued by stereotypes from 
40 years ago. 

Despite IT's evolving role, stereotype 
of the "IT guy" remains: He has deep 
technical skills and little else. Throw a 
raw piece of red meat over the cubicle 
wall for nourishment along with a sys- 
tem dump, and not only will the IT spe- 
cialist spit out the bones, but he or she 
will also resolve the problem causing the 
dump and produce a code fix for the 
problem. 

The stereotypes "IT guy" are happily 
no longer true. Businesses today require a 
higher level of capable IT Specialists who 
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can translate business requirements and 
actualize an IT system to meet the com- 
pany's business needs. IT Specialists not 
only need to possess strong technical skills 
in a technology area, but they must also 
possess strong personal and business skills 
in order to interface with clients to pro- 
vide client value. 

The title of "IT Specialist" has 
become a widely used term 
both within the technology 
industry and inside of compa- 
nies. With tens of thousands 
of "IT Specialists" and a vast array of job 
responsibilities, it is important to under- 
stand what defines an IT Specialist and 
to apply the appropriate set of standards 
to the profession — not an easy feat. 

An IT Specialist is a service, support, 
sales or training professional who is able 
to bridge the gap between client con- 
cerns and technical challenges. IT Spe- 
cialists support solution construction, 
implementation and systems integra- 
tion. They are involved in the design, 
construction and implementation phases 
throughout the life cycle of a project or 
engagement on up through manage- 
ment levels. They may also be involved 
in the architecture phase of a project or 
engagement and may contribute to its 
vision and strategy. 

Companies need the flexibility to 
respond to market conditions, regardless 
of geography, time zones and organiza- 
tional structures. They need to increase 
the performance of systems and person- 
nel so they can collaborate with each 
other. They need infrastructure support- 
ed by open and interoperable standards. 

A CIO or enterprise architect building 
a team needs to be able to look for IT Spe- 
cialists whose experience meets an 
accepted set of professional standards. 



When hiring accountants or lawyers, a 
business will look at a slew of credentials. 
CIOs and human resources departments 
are just now beginning to exercise the 
same kind of rigor for IT Specialists. 
Large IT consulting firms like IBM and 
Capgemini, and their clients, are increas- 
ingly looking to certification programs for 
their IT Specialists. 

Some companies have developed 
their own certification programs. But 
these programs are expensive and don't 
overcome the challenge of recruiting the 
right talent in the first place. 

While industry certification programs 
do exist and offer some level of assur- 
ance, the vast majority aren't perfect 
because they measure knowledge, not 
experience. Joe Certification might look 
great on paper but lack the real-world 
experience and communication skills to 
get the job done right. 

Standardized "skills-and-experience" 
based certification, on the other hand, 
benefits both IT Specialists as well as 
the companies that employ them. For 
the IT Specialists themselves, certifica- 
tion against an open, global standard can 
provide a clear, motivating path for 
career development, as well as provide 
portable credentials that will be recog- 
nized and accepted globally. This class of 
certification also allows IT Specialists 
membership in a worldwide community 
of qualified peers — akin to a certified 
accountant or licensed physician. 

Gone are the days when there are 
distinct divisions between the suits and 
the geeks. The success of IT-enabled 
business depends on the skills and expe- 
rience of certified IT Specialists who can 
break through the glass partition and 
bridge that old divide. I 

James de Raeve is vice president of certi- 
fication for The Open Group. Brian Mit- 
suki is Americas IT Specialist Profession 
Leader for IBM. 



Cloud to complicate 
security, says Gartner 

Messaging security will be a serious growth opportunity for 
cloud-based services, according to new research from Gart- 
ner. It will allow security controls and functions to be deliv- 
ered through new means and new providers, as well as 
empower businesses to use security technologies in ways 
that until now have been too costly. 

Perhaps the best argument for a cloud-based security ser- 
vice, the research firm noted, is the increasing mobility of the 
workforce. As more workers access business data and services 
from outside the corporate network, "new approaches will be 
needed to secure cloud-based IT services," explained Gartner 
vice president and distinguished analyst John Pescatore. 

Another selling point for cloud-based services that Gart- 
ner has identified is the on-demand nature of such services, 
allowing companies to ramp up protection in response to 
events that may lack the regularity of a spam-based attack. 
Additional information is available in the Gartner report titled 
"Cloud-Based Computing Will Enable New Security Sources 
and Endanger Old Ones." 
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HEAR WHAT ATTENDEES HAVE TO SAY ABOUT 






Jain hundreds of other software developers development managers, test fQA 

managers and senior test professionals at the 

Software Test & Performance Conference Fall 2008! 

More than 70 classes and full -day tutorials cover software tesb'QA and per- 
formance issues across the entire application life cycle, making this event 
appeal to a higher-level and more diverse group of development 
and test/QA professionals than traditional training programs 
for test- team members. 

* Learn the Latest. Most Effective Best Practices 

* Turbocharge Your Deployed Applications 

* Optimize Your Web Testing Strategies 

* Improve Your Software's Quality 

* Network With Other Test/QA ft Development Professionals 

* Track Down Security Flaws — Before the Bad Guys Do 



Mew THis FALL! 



LIGHTNING TALKS— Hew a number of short, targeted talks from 

multiple speakers in a single hour. If the speaker goes on too long P you're 

invited to let them kfiow in not-so-subtle ways. 

PRIZE PATROL— Join the STPCon staff in the Exhibit Half as they go from 
booth to booth, announcing prizes and prise winners. 
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Microsoft 



Microsoft's SQL Server 2008 is the only major database to include 
comprehensive, tightly integrated functionality for data manage- 
ment, as well as advanced business intelligence, right out of the box. 
Recognized by its customers for ease of use and manageability, as 
well as for the breadth and depth of its technological capabilities, the 
newest version of SQL Server led Microsoft to being named to the 
2008 SD Times 100 for its leadership in database technology. 

"Competitive databases rely on third-party applications to 
address key functionality, or they charge for incremental functional- 
ity such as security, reporting and analytics," says Fausto Ibarra, 
Director of Product Management for SQL Server at Microsoft. "This 
piecemeal approach increases complexity and requires customers 
to spend more time and money integrating the various pieces, 
instead of focusing on how to derive additional value from their 
data assets." 

Businesses large and small will benefit from the tight- 
ly integrated out-of-box functionality included as 
standard features in SQL Server 2008. As a 
bonus, Microsoft has announced that there 
will be no price increase for SQL Server 
2008. "We are committed to helping 
customers save time and money so 





they can focus on making their data a valuable busi- 
ness driver," Ibarra says. 

Microsoft was the first database vendor to break 
world record benchmarks against the newTPC-E OLTP standards. 
The newTPC-E benchmark gives the database industry a high-qual- 
ity OLTP performance test consistent with today's real application 
workloads. "The TPC has been working on this benchmark for four 
years, and we believe they've done a great job defining a workload 
and benchmark which will drive product innovation that provides 
real customer value," Ibarra explains. 

SQL Server 2008 and Windows Server 2008 are showing record 
scalability and performance with ISV benchmarks covering a spec- 
trum of customer scenarios. For example, SQL Server 2008 and 
Windows Server 2008 show record performance with largest 
benchmark ever on Siemens Teamcenter Digital Product Lifecycle 
Management solution, Microsoft Dynamics CRM, Microsoft Dynam- 
ics AX and Camstar Manufacturing Execution Systems solution. For 
more information on Microsoft's industry-leading database solu- 
tions, visit www.microsoft.com/sql. @ 
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Apple drinks Microsoft's milkshake 



Sir, if you have a milkshake and I have 
a milkshake, and my straw reaches 
across the room, I'll end up drinking 
your milkshake," said Senator Albert 
Fall, in his explanation of oil drainage 
during the Teapot Dome scandal. The 
same sentiment is expressed in There 
Will Be Blood shortly before the movie 
ensures that no one goes away dissatis- 
fied with the promise implied in the title. 

In its first three days of business, more 
than 10 million downloads were made 
from Apples App Store for the iPhone. 
Many were free downloads and many 
more were impulse purchases made by 
those curious to see the capabilities of 
their newly purchased phones. But even 
allowing for all that, Apple has definitely 
put a straw in Microsoft's milkshake. 

It is commonly held that Microsoft's 
success in operating systems is due 
largely to its unparalleled support of 
independent software developers. While 
Unix shells were more powerful than 
MS-DOS, products like Borland's Turbo 
Pascal, Barrington Systems' Clarion and 
Zortech C++ meant that MS-DOS could 
be used as a development and delivery 
platform for the broadest variety of soft- 
ware markets (individual, departmental, 
retail) and with the broadest variety of 
developer sophistication. 




While the Macintosh had a graphical 
edge and a reputation for ease of use 
among end users, Apple had a notorious 
barrier to entry when shifting from 
interpreted, p-code or VM-based devel- 
opment to native. Apple's developer 
relations group was dismissive of new- 
comers, the hardware cost premium was 
significant, and in the retail 
channel, shelf-space was at a 
premium. 

Microsoft, on the other 
hand, was releasing products 
like Visual C + + and Visual 
Basic, giving out MSDN sub- 
scriptions and economically 
supporting a broad ecosystem 
of conferences, books and 
magazines. To be sure, to this 
day the volume of support issu- 
ing from Redmond swamps that from 
Cupertino. Yet one need only glance at 
the laptop covers at any development con- 
ference to see Apple's new advantage: 
Lots of good programmers are doing their 
development work on Apple hardware. 
They may well be using that hardware to 
run Vista (the Macbook Pro is considered 
the best Vista laptop available). 

But programmers are a curious lot, 
and every developer who buys a Mac will, 
sooner rather than later, install XCode 
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and create a "Hello, World" application, 
or open a terminal window and discover 
that not only does he have Ruby and 
Python and Apache and gcc and other 
cool tools but he can also cut-and-paste 
without selecting "edit/mark" from a 
dropdown menu. At some point, he might 
find it difficult to ignore that installing an 
application on an Apple is as 
easy as dragging and dropping 
an icon, and he may think, 
"Gee, that could be my app." 

Meanwhile, Apple's devel- 
oper program for OS X and 
the iPhone is now available to 
I anyone willing to fill out a 
^fy Web form. Order Hillegass's 

"Cocoa Programming for 
Mac" from Amazon, and by 
the time it arrives, you can 
have your development stack set up. 

Between "Hello World!" and develop- 
ing your installer, Microsoft holds a huge 
advantage. Visual Studio runs rings 
around XCode. The Unix underpinnings 
of OS X help a lot, but the sheer volume 
of libraries, sample code and information 
on the nooks and crannies of Win32 is a 
clear advantage to Windows. 

One can take swipes at either C++ (too 
complex) or Objective-C (neither fish nor 
fowl). But when it comes to enterprise 
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languages, the Common Language Run- 
time has leapfrogged the Java Virtual 
Machine in functionality, particularly with 
Language-Integrated Query. I continue to 
be impressed by the Mono Project, which 
brings the CLR to a variety of platforms, 
including the Mac, but it's necessarily a 
step behind what's available from 
Microsoft. Windows is still a compelling 
platform for enterprise development. 

But every programmer has a vast back- 
log of software he intends to develop 
eventually and use to get rich. Fifteen 
years ago, the natural platform on which 
to develop such software was Windows. A 
decade ago, it was the Web. Today, the 
Web is still attractive if you believe in ads 
or subscriptions. But if you want to hear 
"ka-ching" every time someone recog- 
nizes your genius, the Mac is the choice. 

Of course, there are far fewer Macs 
than Windows machines. It's only recent- 
ly that Apple has begun selling more 
than a million new Mac laptops and 
desktops per quarter, while Windows 
machines sell more than 15 times that 
amount. That's an awfully big milkshake. 

Most developers will never develop 
and bring their own commercial software 
to market. But those who do pull off that 
dream are hugely influential. Even the 
richest resource is subject to drainage. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his hlog at 
www. knowing, net. 
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Perforce 



The best measure of software quality is a satisfied customer. 
That's the lesson we learn from Perforce Software, named to the 
2008 SD Times 100 for its leadership in software configuration 
management. 

"At Perforce, the quality of the software is essential to the sales 
process," explains Christopher Seiwald, CTO, president and 
founder of the Alameda, Calif.-based company. That's why Perforce 
doesn't have a commissioned sales force. "We don't need a sales 
force to succeed," he says, explaining that the company relies upon 
a solid product, a strong pre-sales consulting organization as well 
as tremendous post-sales support to make the deal." 

Seiwald calls Perforce a "product-style" company, taking a leaf 
from other privately held "lifestyle" companies that engender 
long-term loyalty from their customers. "We forgo the traditional 
commissioned sales model and concentrate instead on 
creating a useful product with enduring functionali- 
ty," he says. "This shifts our internal conversation 
from 'What will make the company the most 



money?' to 'What makes the product 




most useful to the most people?' " 
That product is the Perforce Soft- 
ware Configuration Management 
System. Built around a scalable 
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client/server architecture, users access the Perforce 
P4D Server through a broad range of client applica- 
tions, including a cross-platform Visual Client, P4V, 
which runs on Windows, Mac OS X, Linux, Solaris and 
FreeBSD.Web clients and command-line interfaces support dis- 
tributed development and automation. Tight integrations with 
popular IDEs, strong reporting capabilities, defect tracking fea- 
tures, code-merge tools and proxy-based caching turn the Per- 
force system into the industry's most flexible SCM system. 

Perforce applies its "product-style" model to every aspect of 
its operations. "We take the time to really understand how our 
customers want to work, so our product can support them in the 
manner in which they want to work," Siewald explains. "Perforce 
was built for developers by developers. Our solution is powerful, 
stable and easy to use. From the beginning we have supported 
innovations such as atomic change lists and inter-file branching." 

Perforce's technology and business model is backed by their 
strong philosophy on how SCM should be accomplished. Seiwald 
and Laura Wingerd, VP of product technology, are recognized 
experts in the field of SCM. Put Perforce to work for your com- 
pany today. Learn more at perforce.com. @ 
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Protocol Buffers: Reinventing the past 



For the decades prior to the wide- 
spread adoption of XML, the com- 
puter industry sought ways to find an 
easy way to transfer data across systems. 
Many many options entered into vogue, 
then disappeared or eventually found 
acceptance in small utilitarian niches. 

The CORBA CDR format, Suns XDR 
(eXternal Data Representation) and the 
various EDI (Electronic Data Inter- 
change) protocols are examples of the lat- 
ter category. A few other standards, like 
ASN.l (Abstract Syntax Notation 1), live 
on out of sight even though widely used; 
and because they are unseen, they don't 
come to mind when an internal or exter- 
nal data exchange protocol is needed. 

Even after the wide embrace given to 
XML, standards bodies such as the 
IETF have continued formulating new 
standards. One example is SDXF (Struc- 
tured Data eXchange Format), which is 
a non-text-based format that has much 
the same structure of XML, though the 
data types are self-describing. 

Formulation of so many standards 
arises in large part because of the bal- 
ance that must be struck among three 
contending forces at play in the design of 
a data-interchange protocol. 1) Speed: 
How fast can the data be marshalled and 
then unmarshalled? 2) Ease of use: How 
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simple is it to describe the data in the 
appropriate format from a variety of pro- 
gramming languages? 3) Expressivity 
and other factors: How well does the for- 
mat express the data needs of a particu- 
lar domain? Also, there are the pragmat- 
ic concerns such as security (can it be 
encrypted when sent over the wire?) and 
compressibility. 

Curiously, protocols that 
fail at one or more of these 
aspects can still become popu- 
lar. XML is an example. It is 
more of a data structure repre- 
sentation than an interchange 
format, since it requires some 
definitions that both ends 
agree on (generally specified 
as a schema or DTD) so that 
validation of fields and the 
type of a data item can be identified. 

Beyond the need for supplemental 
support, XML has some fairly horrid 
characteristics, the worst of which is 
speed. XML is an extremely wordy pro- 
tocol that is very slow to parse. Sites that 
run enterprise Java and profile their 
applications frequently find that the sin- 
gle biggest time sink is the encoding and 
decoding of XML documents. In nearly 
all cases, it is by a wide margin the most 
time-consuming activity. 




XMLs ease of use is not great, 
although it's better than it once was due 
to the fact that there are many good 
parsers available. Even so, the require- 
ment to translate certain characters, and 
the consequent need for CCDATA, 
mean encoding can at times be complex. 
Finally, XML expressivity is abysmal. 
Data must be structured, items 
can at times be categorized 
only in one specific hierarchy, 
and each hierarchy level must 
encompass all lower levels. 
What's more, repeating pat- 
terns of fields, such as a list of 
employee records, must repeat 
all the field names and hierar- 
chy for every instance. 

I could go on about XML 
limitations, but the key objec- 
tion is performance. Google, intensely 
focused on performance, examined XML 
and deemed it too slow for the company's 
high-speed requirements. In true Google 
tradition, rather than use an alternative 
existing protocol, it crafted its own: Proto- 
col Buffers, (code.google.com/p/proto- 
buf) a new format for serializing data that 
the company open-sourced in July. 

The data structure for Protocol 
Buffers data items is described using a 
simple data description language, remi- 



niscent of CORBA's Interface Descrip- 
tion Language. This description is saved 
in a .proto file, which is then compiled 
into C++, Java or Python. 

The Protocol Buffers meta-language 
is surprisingly extensive. Both sequential 
and hierarchical data structures can be 
defined. And data items, covering all the 
standard string and integral types, can 
be marked required or optional. Fields 
can include enums, which is a common 
mechanism for tightly associating a spe- 
cific value to a variable name. 

Protocol Buffers is a binary format. 
This is a crucial dimension for perfor- 
mance; it means long text strings and field 
names do not have to be parsed for each 
item. Also, marshalling and unmarshalling 
functions are built directly into the code, 
via the .proto compiler — guaranteeing 
every aspect is optimized for speed. 

Unlike earlier technologies released by 
Google that still had an experimental feel 
to them, Google has been using Protocol 
Buffers for years and in almost all aspects 
of the services they provide. So, this is a 
technology that has been extensively test- 
ed .. . and optimized. If you need to trans- 
fer data in C++, Java or Python and want 
a fast, simple solution that avoids the 
penalties imposed by XML, try Protocol 
Buffers. I think you'll like what you find. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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SO KEVIN JOHNSON is leaving 
Microsoft. The blogosphere is atwitter 
with speculation that he was made to fall 
on his sword for failing to consummate a 
deal with Yahoo. Some bloggers may be 

Stoo clueless to know that 
they're clueless. 
Microsoft veterans have 
been departing the compa- 
h^ ny in a steady succession 
^ since Jim Allchin retired in 
January 2007 after 17 years with the 
company. Note to the blogosphere: 
These people have made their millions 
and are moving on. Maybe Johnson was 
disappointed that he would not have a 
larger fiefdom — who knows? I sure 
don't, and I doubt the bloggers do. 

— David Worthington 

DON'T YOU HATE IT WHEN your 
software program crashes because 
someone wrote the equivalent of "ain't" 
in the code? Or "is" instead of "are"? Or 
used a noun as a verb? 

IBM Rational seems to think it's 
enough of a problem that it is working 
on a debugger that can also check the 
grammar of code while it's being written. 

The IBM Rational Software Analyzer, 
launched July 29, works like the gram- 
mar-check function in Microsoft Word, 
explained Dave Locke, director of Ratio- 
nal software marketing. A debugger 
stops on incorrectly written code just like 
spell-check stops on a misspelled word. 
But the Software Analyzer, like more 
recent versions of Word, stops at a sec- 
tion of code that is ungrammatical. 

"A grammar checker in Word helps 
guide you to communicate more effec- 
tively," Locke continued. "In program- 
ming, there are patterns of develop- 
ment that are known to be good, so we 
test to see if you have applied the pat- 
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tern correctly." 

For instance, code needs to include 
an instruction to retrieve data from 
memory and another when the program 
is done accessing memory. "A lot of 
times people forget the T'm done with 
it' part," he said. 

Ain't it about time someone did 
something about that there problem? 
— Robert Mullins 

I LOVE CONFERENCES. They re fun 
to go to; as I write this, I'm making my 
plans for LinuxWorld. To you, of course, 
LinuxWorld is last week's news. Confer- 
ences are the best place to catch up with 
colleagues and friends, see the newest 
technology and unravel the latest buzz- 
words. Oh, yeah, and also watch a 
keynote and take some technical classes. 

While I attend many conferences 
each year, a big part of my job is involved 
with creating new events. On page 32, 
you can read about our brand-new 
SharePoint 
Technology 
Conference, 
taking place from Jan. 26 to 28 near San 
Francisco International Airport. That's 
an exciting new project being spear- 
headed by David Rubinstein, former 
editor of SD Times, now heading up our 
sister publication, Systems Manage- 
ment News. We hope you can make it to 
SPTechCon. 

Another of our conferences is 
EclipseWorld, a conference for Java 
developers. EclipseWorld will be Oct. 
28 to 30 in Reston, Va. We just con- 
firmed the keynote speaker: Ivar Jacob- 
son, the computer scientist perhaps best 
known for his work in modeling and 
requirements, and who is one of the 
Three Amigos behind the Uniform 
Modeling Language. 




SPTechCon 

The SharePoint 
Technology Conference 




Before either of those events, of 
course, there's the Software Perfor- 
mance Conference, Sept. 24 to 26 in 
Boston. STPCon Fall is our biggest con- 
ference, and this year it's kicked off by 
software testing guru James Bach. Hope 
to see you there! — Alan Zeichick 

CLEAN BREAKS WITH ONE'S past 
aren't always 
easy, especially 
when friends 
and family are 
involved. That's 
the problem 
Microsoft faces with Midori as it consid- 
ers breaking with its Windows past. 

It brings to mind what happens when 
a company that lives and dies by its oper- 
ating system decides to make a drastic 
architectural changes; I'm speaking about 
Apple and the transition from Mac OS to 
Mac OS X. In providing the Classic envi- 
ronment, the company allowed users to 
bridge the old and new by running Mac 
OS 9 in a sandbox, although nobody 
would call the experience seamless. 

What Apple did wasn't architectural- 
ly pretty, but it worked: Within a handful 
of years, most bread-and-butter applica- 
tions for Macs had been reworked to run 
under the Unix-based replacement OS. 
By the time Apple was working up a 
release of Tiger that would run on Intel 
systems, the need to provide the Classic 
environment had all but disappeared, 
and Classic was cut from the Intel ver- 
sions of Mac OS X 10.4. 

In five years, Apple had dragged its 
user base, kicking and screaming, onto its 
platform of the future. I doubt that I'm 
the only person who thinks Microsoft 
might require twice as much time before 
Midori can shed itself of the Win32 past. 
— P.J. Connolly 




BUSINESS BRIEFS 




Investment management firm BlackRock will acquire Impact 
Investing, a Sydney, Australia-based software development com- 
pany specializing in equity portfolio management and analytical 
software products. BlackRock executives said Impact's analysis 
and portfolio visualization capabilities will strengthen its Aladdin 
enterprise investment platform. Impact will be integrated into 
BlackRock's unit that offers products that help organizations 
manage their capital markets . . . Cisco Systems announced 
plans to acquire Pure Networks, a Seattle-based provider of 
home networking management software. Cisco executives said 
the acquisition provides the company with software that will 
serve as the foundation for developing new applications and capa- 
bilities for home workers . . . Endpoint security software provider 
Sophos plans to acquire Utimaco Software, a Germany-based 
company specializing in enterprise data security. Sophos execu- 
tives said Utimaco's data security offerings further Sophos' 
attempt to lead the market in protecting information and com- 
puters from external threats or careless end user behavior. 

EARNINGS: Apple posted revenues of US$7.46 billion and prof- 



it of $1.19 per share stock for the third fiscal quarter of 2008, 
ending June 28. Revenue in the same quarter a year before was 
$5.41 billion, and profit was $0.92 per share. In the quarter, Apple 
shipped 2.49 million Macs, a 41% increase from the same quar- 
ter a year before . . . BMC Software has announced a first-quar- 
ter revenue of US$438 million for fiscal 2009, a 14% year-over- 
year increase. The company said license revenue in the first 
quarter was $149 million, a 19% increase from the same quarter 
a year before, and professional services revenue increased by 
43% . . . EMC reported its 20th consecutive quarter of double- 
digit, year-over-year revenue growth, with total revenue for the 
second quarter of 2008 at US$3.67 billion. That total is an 
increase of 18% over the $3.12 billion in the same quarter a year 
earlier, the company said. GAAP net income was $377.5 million, 
or $0.18 per diluted share . . . SAP's second-quarter net income 
was down 9% from a year before, dropping from €449 million to 
€408 million this year. The company reported total sales of €2.9 
billion and adjusted income of €497 million for the second quar- 
ter of this year. The company's software sales were up 25% to 
€898 million from €716 million a year before. I 
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For a more complete calendar of U.S. software 
development events, see www.sdtimes.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 
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Work with InterSystems Ensemble software Eo raise 
productivity and lower costs. 

Ensemble Is n rapid Integration and dmlupiiirnl 
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interfaces, rules-based business processes, dash boards, 
and cither innovations - without rewriting ynur coda 

Ensemble's techndngy stack includes the world's 
fastest object database - JnterSystems Cache". Cache's 
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Partner for teading enterprises that rely on the frlgh 
performance of our products. Ensemble and Cacht are 
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BACK f o SCHooL, CAUSE 
WE'RE CKAff ARout TESfiNa! 

September's the time when the Northeast goes back to school. And so 
it is for testers, development managers and test-focused developers, as 
we meet in Boston for the annual Software Test & Performance 
Conference. It's your annual opportunity to add to your skill set f your 
resume and your stock price within the organization. 








This year we'll be located at the Marriott 
Copley Place, closer to downtown Boston. We 
hope this puts us in easier proximity for some 
of you to drop in for a class or two, or perhaps 
walk the exhibit floor during your lunch hour to 
get up to speed on the latest testing tools, 
solutions and services from dozens of the 
industry's top vendors. 

The Software Test & Performance Conference 
is here to continue your education on building, 
testing and securing applications, be they made 
with AJAX, SOA, UML or another emerging tech- 
nology that has yet to come your way. 

Our curriculum contains introductory, inter- 
mediate and advanced content to suit you and 
everyone on your staff. Plus, we'll have tracks 
designed especially for managers and other 

TEN tips to 
Oft APPROVAL to 
AttEMD stPCoM! 



PREPARE. Go in armed with all the necessary 
materials to make a good case to attend. Circle 
the classes you want to take. Visit www.stpcon. 
com to find the course catalog, instructor bios 
and travel information. 

TEACH. Promise to come back from the confer- 
ence and have a brown-bag lunch session to share 
what you've learned — and to make action plans 
to improve your test/QA processes. 

RELATE. Show how specific problems or issues 
you've recently encountered fit with one of the 
more than 70 classes and tutorials at STPCon. 

SHARE. As an attendee, you'll receive the CD- 
ROM containing virtually all of the classroom 
materials — that means you'll get education even 
for the classes you can't attend personally. Plus, 
the proceedings disc can be shared among oth- 
ers at your company, or even posted to an inter- 
nal file server. 



specialists just like you, who must stay on top 
of the latest technologies and development 
techniques to keep your company competitive. 

As always, our speakers are hand-picked for 
their technical expertise and ability to commu- 
nicate their knowledge effectively, in ways that 
are most useful for integrating that knowledge 
into your daily life. We've also listened to your 
feedback on each conference session, and 
made sure that this year's STPCon presenta- 
tions will be even better than the last. 

Don't miss test-industry legend James 
Bach, who will deliver our opening keynote, 
explaining his pioneering "exploratory bound- 
ary testing" concept. This inspiring talk will 
give you a sense of the industry today and 
what's in store for the future. And you'll have 



SAVE. The travel and tuition expense of attend- 
ing the Software Test & Performance Conference 
is less than other conferences. And the earlier you 
sign up, the more you save. 

TEAM. Tuition can be reduced further by send- 
ing 4 or more from your company. Plus, each per- 
son can take different classes, bringing back even 
more valuable tips and techniques. 

CHOOSE. There are 8 classes in a given time slot. 
That means that you'll always find something that 
fits your needs. 

LAUNCH. STPCon helps you get a jump-start 
on the automation, metrics, agile or other process- 
es you've been talking about implementing — but 
haven't — for months. 

MEET. You'll have the opportunity to meet with 
the makers of the tools you use and the tools you 
might want in the future. Learn about the new 
features, test them out, and talk to the experts 
who built them. 

DECIDE. Give a deadline to make a decision. 
Present the information and ask for an answer 
within a specified time frame. Or keep the con- 
ference in mind if your schedule might loosen up 
in late September. 

www.stpcon.com 
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more opportunities to meet the faculty and your test-industry 
colleagues at the after-hours sessions and other informal 
gatherings that we've arranged for you in the exhibit hall and 
at other locations around the conference center. 

At our Spring conference in California, we introduced a 
new event— LIGHTNING TALKS— to STPCon. Lightning Talks 
give you a chance to hear a number of short, targeted talks 
from multiple speakers in a single hour. If the speaker goes 
too long, you're invited to let them know in not-so-subtle 
ways. The pressure will be on — Wednesday at 5:00 pm. 

Also returning is the Hands-On Tool Showcase, a popular 
event that lets you get up-close and personal with a number 
of testing tools and solutions. Be sure to bring your laptop and 
your appetite... there will be lots of food and drink, beginning 
at 6:00 pm Wednesday, right after Lightning Talks. And don't 
miss more free libations at the Attendee Reception on 
Thursday starting at 5:00 pm. 

The Software Test & Performance Conference in Boston 
promises to be the best STPCon ever. So browse the course 
catalog and be sure to take advantage of our early-bird dis- 
counts. Why not sign up today? 

See you in September. 

Best Regards, 
■ v y ._. ■ 

Edward J. Correia 

Conference Chairman 
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4:00 pm - 7:00 pm Registration Open 



Wednesday, September 24 



8:00 am- 7:00 pm 
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8:00 am - 

8:00 am - 

8:45 am - 

10:00 am - 

11:15 am - 

12:15 pm - 

1:30 pm - 

2:00 pm - 

3:00 pm ■ 

3:00 pm ■ 



7:00 pm 
8:45 am 
9:45 am 
11:00 am 
12:15 pm 
1:30 pm 
2:00 pm 
3:00 pm 
7:00 pm 
345 pm 



3:45 pm - 4:45 pm 
5:00 pm - 7:00 pm 



Registration Open 

Continental Breakfast 

Opening Keynote 

Technical Classes (100 series) 

Technical Classes (200 series) 

Diamond Sponsor Luncheon 

E-mail/Voicemail/Networking Break 

Technical Classes (300 series) 

Exhibit Hall Open 

Coffee and Ice Cream Social 

in Exhibit Hall 

Technical Classes (400 series) 

Attendee Reception in Exhibit Hall 



Friday, September 26 



8:00 am - 4:00 pm Registration Open 

8:00 am - 8:45 am Continental Breakfast 

8:45 am - 9:45 am Technical Classes (500 series) 

9:30 am - 1:15pm Exhibit Hall Open 

9:45 am - 1 0:30 am Coffee and Donuts in Exhibit Hall 

10:30 am - 11:30 am Technical Classes (600 series) 

11:30 am- 1:00 pm Lunch Break 

1 2:30 pm - 1 :00 pm STPCon Prize Patrol in Exhibit Hall 

1:00 pm - 200 pm Technical Classes (700 series) 

2:00 pm - 2:15 pm Break 

2:15 pm - 3:15 pm Technical Classes (800 series) 

3:15 pm- 330 pm Break 

3:30 pm - 4:30 pm Technical Classes (900 series) 



Exhibit Hall Hours: 
Thursday, 3:00 pm - 7:00 pm 
Friday, 9:30 am - 1 :30 pm 
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102 Agile Test Development by Hans Buwalda 

301 Testing in an Agile Environment by Megan Sumrell £t Robert Walsh 

501 Agile Testing Within Scrum by Robert Galen 

601 Testing in the Enterprise Using Scrum by Robert Galen 
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Automated Testing in the .NET Environment: 

A New Opportunity for Test Professionals by Mary Sweeney 

The 5% Challenges of Test Automation by Hans Buwalda 

The Magic Bullet of Test Automation Is Not 'Record and Playback' 

by Aaron Cook 

Implementing Automated Software Testing, Part 1 by Scott Bindas 



Software Performance Engineering, Part 1 : 

Software Execution Modules by William Louth 

What You Must Know to Demystify Ant Build Scripts by Matt Gabor 

Model-Based Testing for Java and Web-Based GUI Applications 

by Jeff Feldstein 

Designing JUnit Test Cases for Effective Functional Testing by Matt Love 

Java EE Performance Tuning Methodologies by Steven Haines 



Software Endgames: How to Finish What You Started by Robert Galen 
Balancing Test to Break, Test to Validate and Metrics by Jeff Feldstein 
Metrics: How to Track Things That Matter by Clyneice Chaney 
Effective Metrics for Managing a Test Effort by Shaun Bradshaw 
Implementing a Quality and Metrics Process by Richard Sharpe 



Effectively Training Your Offshore Test Team by Michael Hackett 

Building a Software Testing Strategy by Karen N. Johnson 

Help Your Boss Avoid Being an Idiot by Robin Goldsmith 

The How-To Guide for Test Management by Brian Massey 

Team Techniques for Influencing Upstream Decisions by Jeff Feldstein 

Software Reviews: If They're So Great, Why Isn't Everyone Using Them? 

by Clyneice Chaney 
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Performance Testing, Core Principles by Scott Barber 

Maximizing SQL Server 2005 Performance by Mary Sweeney 

Load Testing With OpenSTA by Dan Downing 

Performance Testing Non- Standard and Legacy Applications: 

Hybrid Solutions by Mohit Verma 

Performance Testing 'Obnoxious' Protocols by Mark Lustig 



Common Mistakes When Securing Web Applications by Lars Ewe 
Five Major Application Security Vulnerabilities by Danny Allan 
Models for Security Testing in the Software Development Life Cycle 
by Ryan Berg 

A Buzz About Fuzz: An Approach to Finding Software Vulnerabilities 
by Joe Basirico 
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STPCon Fall 2008 Opening Keynote 

Redefining the Boundaries Of 
Boundary Testing 



Boundary testing is too often discussed, taught and practiced as an overly simplistic 
idea: The designer tells you a boundary, and you test one above and one below that 
boundary. Sound familiar? To exploratory testing pioneer James Bach, that just 
sounds like weak testing. Boundary testing, when approached in an exploratory way, 
becomes much more powerful and more worthy of a skilled tester's best efforts. 
Listen to Bach explain why testers need to rewrite the boundaries of traditional 
boundary testing to improve the outcome of this essential testing practice. 

James Bach is a pioneer in the discipline of exploratory software testing and a found- 
ing member of the Context-Driven School of Testing. He's a co-author of "Lessons 
Learned in Software Testing: A Context-Driven Approach" and the author of "How I 
Learn Stuff: Secrets of A Buccaneer-Scholar. " 



/ 

LIGHTNING TALKS 

Wednesday, September 24 
5:00 pm — 6:00 pm 



HANDS-ON TOOL 
SHOWCASE 



Fast. Concise. Targeted. Lightning Talks strike right at the 
heart of the matter. You'll get the essence of relevant test sub- 
jects in a quick and easy format. Limited to 10 speakers in a 
one-hour session, Lightning Talks lecturers deliver 5 minutes 
of passionate presentations. You'll hear previews of upcoming 
classes, overviews of pet projects, glimpses of new technolo- 
gies and maybe even a joke or two. Don't miss this high-ener- 
gy, high-content session! 



/ 

EXHIBIT HALL 



Thursday 

September 25 

3:00 pm — 7:00 pm 



Friday 

September 26 

9:30 am — 1:30 pm 



The industry's top companies will be showing off their prod- 
ucts in our Exhibit Hall. Meet with the makers of the latest 
software testing tools you currently use or might want in the 
future. Learn about the new products and features, test them 
out, and talk to the experts who built them. 



Wednesday, September 24 
6:00 pm — 8:00 pm 

Software technology is changing fast — and so are the tools 
that QA professionals rely on for testing and performance 
management. What's the best way to keep up with the latest 
solutions and trends? The STPCon Hands-On Tool Showcase! 
Leading companies will be presenting hands-on demos, 
engaging in one-on-one discussions, and offering great food 
and drinks to make the evening more enjoyable for everyone. 
Bring your laptop! 



ATTENDEE RECEPTION 

Thursday, September 25 
5:00 pm — 7:00 pm 

Join your colleagues, classmates, instructors and vendors for an 
informal reception in our Exhibit Hall. Enjoy drinks and hors 
d'oeuvres while strolling through the exhibits and networking 
with your peers. 
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[T-i] Agile Testing Practices 

By Megan Sumrell S Robert Walsh 

When a software development team adopts agile 
practices, the testing team often struggles to understand 
what its role is and how it fits in. This tutorial provides 
participants with an overview of how testing changes 
when a team adopts agile methods. The class will begin 
with an overview of agile principles and practices, and 
will be a combination of presentations and hands-on 
exercises. Participants will leave with a clear understand- 
ing of how traditional testers can navigate through an 
agile adoption. 

Topics will include: 

• Comparison of traditional QA practices vs. 
agile testing practices 

• Acceptance Test Driven Development (ATDD) 

• Defining acceptance criteria 

• Executable requirements 

• Automated testing on agile teams 

• Defect management 

• Continuous integration 

• Exploratory testing 




MEGAN SUMRELL is a Certified 
Scrum Master with more than 12 
years of software testing experi- 
ence. Currently, she is the QA 
architect at Misys Healthcare 
Systems in Raleigh, N.C. She 
specializes in agile testing and 
has worked with several teams to 
help them transition from waterfall to agile prac- 
tices. 



ROBERT WALSH is president and 
manager of applications develop- 
ment at EnvisionWare, which 
provides software solutions for 
public and academic libraries. 
Robert holds a B.S. in secondary 
mathematics education from 
Mississippi State University. He's 
largely a self-taught programmer, but has over 
nine years of professional programming experi- 
ence, mostly with C and C++. 




ROBIN GOLDSMITH has been presi- 
dent of the Go Pro Management 
consultancy since 1982. He 
works directly with and trains pro- 
fessionals in business engineer- 
ing, requirements analysis, soft- 
ware acquisition, project manage- 
ment, quality assurance and test- 
ing. Previously he was a developer, a systems 
program mer/DBA/QA and a project leader with 
the City of Cleveland, leading financial institu- 
tions and a "Big 4" consulting firm. 




[T-2] Measuring and Improving Your 
Test Processes By Robin Goldsmith 

Testing effectiveness is determined by your 

testing process — the way you do things to produce your 

results. To improve test results, you must improve your 

testing process, and that requires meaningful, valid and 

reliable objective measurement. Defect data is the most 

obvious testing artifact to measure, but it must be put 

in context and coupled with other key factors. Not only 

do we tend to miss important measures, but we often 

overwhelm ourselves with too many measurements. 



This interactive tutorial describes a minimum 
set of metrics that your test and QA teams need to know, ways to make those measures within appro- 
priate contexts, and methods to analyze and report to guide improvement. You'll learn techniques for 
overcoming resistance when getting started and engage in practical exercises to see how to apply these 
techniques. 



[T-3] SQL for Testers 

By Karen N. Johnson 

There are application defects that can be found 
once a tester gains knowledge of a database schema 
and develops the ability to write and execute SQL 
queries. By learning about SQL and relational databas- 
es, both manual and automated testing can be 
improved. With knowledge of the underlying data struc- 
ture of an application, business analysts can draft more 
technically precise requirements. Analysts will learn 




KAREN N. JOHNSON is a software 
testing consultant. She has 
extensive experience in test man- 
agement, has published software 
testing articles and is a frequent 
speaker at conferences. She is 
listed as a software testing expert 
on Tech Target's Web site, search 
softwarequality.com, serves as a director for the 
Association for Software Testing, and is a pro- 
gram co-chair for the Conference for the 
Association for Software Testing. 
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about data volume as a factor to consider as an application ages through production use. umM 

In this tutorial, you'll establish a sound foundation in basic SQL knowledge and under- 
stand how both analysts and testers can apply that knowledge to their systems and projects. Topics covered are schemas, primary 
and foreign keys, data types, SQL query writing, volume data and concurrency and deadlocks. 

Through a combination of lecture and hands-on activities, students will leave with a portable, stand-alone relational data- 
base that they can continue experimenting with. Other take-aways include course material designed to move them from beginner 
to intermediate knowledge and references to advanced materials. 



BOB GALEN is the director of prod- 
uct development and agile archi- 
tect for ChannelAdvisor in Cary, 
N.C. In this role, he operates as 
an agile coach and methodologist 
supporting ChannelAdvisor's or- 
ganizational shift toward Scrum 
and other agile practices. Bob is 
also principal consultant for R Gal en Consulting 
Group, LLC. 
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Creating and Leading the High-Performance Test 
Organization By Bob Galen 



Fewer people, less time, changing technologies and increased expectations 
are the norms facing you and your development team today. Nowhere is this more evi- 
dent than within testing teams, since the pressure increases as software moves along 
the life cycle. This challenge to leaders creates the opportunity to differentiate them- 
selves and their teams as they meet and exceed organizational expectations. 

This tutorial focuses on acquiring the fundamental skills to become that 
outstanding test leader. It will explore how to build, motivate and lead great testing teams; create impact-driven communi- 
cations on testing state; properly plan and execute your team's evolution, growth and ability to meet project challenges; 
handle the toughest "people" challenges; and be agile and adaptable to changes in the organizational landscape. 



[T-5] Automated Database Testing: Using Stored 
Procedures By Mary Sweeney 



Today's heterogeneous data environments place an increasingly heavy bur- 
den on test engineers. Applications, whether Web-based or client/server, must be 
tested for seamless interface with the back-end databases; this typically goes far 
beyond what the popular test automation tools can provide. The intricate mix of 
client/server and Web-enabled database applications is extremely difficult to test 
productively. As a result, you're increasingly expected to know how to create and use 
SQL queries, stored procedures and other relational database objects to effectively 
test data-driven environments. 

In this tutorial, you'll learn about testing at the database layer as an impor- 
tant adjunct to current tests. Using demonstrations and code examples, the instruc- 
tor will present tips and techniques for creating efficient automated tests of the critical database back end using SQL, scripting 
languages and relational database objects. You'll learn why testing of database objects and stored procedures is necessary; how 
simple and effective automated tests for the back end can be created using various programming languages, including Perl and 
VBScript; and how to successfully test database objects, such as stored procedures and views, with many examples and code. 



MARY SWEENEY has been devel- 
oping, using and testing relation- 
al database systems for more 
than 20 years for such compa- 
nies as Boeing and Software Test 
Labs. She's the author of "Visual 
Basic for Testers" and "A Tester's 
Guide to .NET Programming." 

Mary is an MCP in SQL Server and is on 
the board of the International Institute of 
Software Test. 




Bj ROLLISON is a test architect 
with Microsoft's Engineering 
Excellence group, where he 
designs and develops technical 
training curriculum in testing 
methodologies and test automa- 
tion. Bj has more than 1 6 years 
of computer industry experience, 
most of it with Microsoft. 




[T-6] Testing Techniques: Theory and Application 

By Bj Rollison 



This tutorial presents the formal theory and practical application of func- 
tional (behavioral) and structural (coverage) testing techniques. You'll learn func- 
tional testing techniques like exploratory testing, boundary value analysis, equiva- 
lence class partitioning and combinatorial analysis. Structural testing techniques 
covered include statement coverage, decision/branch coverage, and condition and 
basis path coverage. 

You'll learn how to use functional testing techniques to establish a solid 
foundation and minimum baseline for test cases. You'll also understand how structural testing techniques can be used to design 
additional tests from a white-box approach to complement the test effort, to ensure that critical paths in the code have been 
exercised and to achieve higher code-coverage results. You'll also learn how to apply both black-box and white-box test design 
approaches to test more effectively. To get the most out of this class, bring a laptop. 
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HANS BUWALDA leads Logi- 
Gear's Action Based Testing 
(ABT) research and develop- 
ment, and oversees the practice 
of ABT methodology. Hans is an 
internationally recognized 
expert in action-based test 
automation, test development 
and testing technology management. 




[T-7] Delivering Test Automation Success Through 
People, Methods and Tools By Hans Buwalda 



Successful test automation is vital to increasing the efficiency of QA efforts. 
If done correctly, it's possible to develop tests earlier, run them faster and repeat 
them more reliably when the software under test becomes available. 

This tutorial presents state-of-the-art techniques — including data-driven 

testing, keyword-driven testing, and scripted and non-scripted automation — that 

can help deliver test automation success. As a framework, the class will use Action 

Based Testing, which has been proven effective and efficient for many testing 

organizations around the world. An important focus for the day is the managerial perspective, such as how to set up the right 

team and how to gain commitment from managers and other stakeholders. 

You'll learn: 

• Effective integration, fine tuning and management of testing and test automation 

• How to apply good test design techniques, such as Soap Opera Testing 

• How to use frameworks like Action Based Testing to ensure visibility, maintainability and scalability 

• How to incorporate an automation framework along with your existing process 

• How to optimize the use of your testing staff's diverse skill sets 



[T-81 Programming Concepts for the Test Professional 

By Timothy Korson 

This course will discuss modern programming concepts from a test and 
QA perspective. Attendees will learn to create more effective glass-box tests by 
being able to identify internal boundary conditions and other error-prone areas in 
the software. Attendees will learn to communicate more effectively with other soft- 
ware professionals by increasing their technical knowledge of software develop- 
ment. Recent developments in software engineering such as Service Oriented 
Architectures will be discussed. 

• Unit 1 - Basic programming concepts 

• Unit 2 - Modern programming concepts 

• Unit 3 - Distributed, composable and scalable applications 

• Unit 4 - Summary 



TIMOTHY KORSON is the founder 
of Korson-Consulting and has 
had more than two decades of 
substantial experience working 
on a large variety of systems 
developed using modern soft- 
ware engineering techniques. 
This experience includes distrib- 
uted, real-time, embedded systems as well as 
business information systems in an n-tier, 
client/server environment. 




Right After Your Full-Day Tutorials, Join Us For... 



LIGHTNING TALKS 

5:00 pm — 6:00 pm 

HEAR SHORT, TARGETED TALKS from mul- 
tiple speakers. If the speaker goes on too 
long, you're invited to let them know it in 
not-so-subtle ways that include rubber 
baseballs! i 
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HANDS-ON TOOL SHOWCASE 

6:00 pm — 8:00 pm 

T 
DEMOS AND DRINKS! Look for this spe- *S 
cial combination of technology and mixol- 
ogy. Get the party started with Gomez and 
MARTINI MADNESS after-hours at STPCon. Look 
for other host companies at the conference. 
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[101] Automated Testing in the .NET Environment: 

A New Opportunity for Test Professionals By Mary Sweeney 

Testing in the .NET environment has gone from a black-box approach to today's full integration of soft- 
ware development and test within the .NET platform itself. This class will guide you through the pros and cons of 
working in .NET, what testing in .NET means to you, your company and today's testing industry. You'll learn how 
the new approach affects your best practices for development and test, how testing in .NET compares to tradition- 
al and current practices, the problems and advantages of this approach, and what it can and can't do foryou. 

[102] Agile Test Development By Hans Buwalda 

The short, iterative cycles, constant feedback and team-based approach to quality effective for delivering 
software also can be applied to developing and automating tests. Good automated test design requires constant feed- 
back from stakeholders outside the QA team, including developers, managers and customers. 

This class teaches an agile approach to building tests and test automation so QA teams can ensure the sys- 
tem is tested early and often, taking testing off the critical path to releasing the product. This class will present a 
methodology and case study to illustrate how agile test development can be implemented in real-world projects. 

[103] Software Performance Engineering, Part 1: Software Execution Models 

By William Louth 

Software Performance Engineering (SPE) is a systematic process for planning and evaluating a new 
system's performance throughout the application life cycle. 

Learn the concepts underlying a software execution model as well as the basic activities involved in 
constructing SPE's software execution models during application development and unit and functional test- 
ing. During the session, various tools and techniques for constructing a software execution performance mod- 
el will be presented, as well as best practices on obtaining data: who, what, where and when. 

In this class, you'll learn how to effectively execute SPE activities in continuously constructing and 
verifying software execution models across development builds, as they apply to performance risk, critical 
use cases, performance scenarios and objectives and resource requirements. 

[104] Overcoming Requirements-Based Testing's Hidden Pitfalls By Robin Goldsmith 

In this class, you'll learn key sources of requirements-based testing oversights, including a failure to dis- 
tinguish between business and system requirements, assessing the completeness of requirements, the premise 
of one test per requirement, the appropriate level of test-case detail and the inclusion of requirements-based unit 
tests. We'll also cover the strengths and weaknesses of requirements-based tests, the importance of testing based 
on business and system requirements, and determining how many tests a requirement needs. 

[105] Web 2.0 and Security By Danny Allan 

The short, iterative cycles, constant feedback and team-based approach to quality effective for delivering 
software also can be applied to developing and automating tests. Good automated test design requires constant feed- 
back from stakeholders outside the QA team, including developers, managers and customers. 

This class teaches an agile approach to building tests and test automation so QA teams can ensure the sys- 
tem is tested early and often, taking testing off the critical path to releasing the product. This class will present a 
methodology and case study to illustrate how agile test development can be implemented in real-world projects. 

[106] Performance Testing, Core Principles By Scott Barber 

Teams developing commercial software rarely have sufficient time, resources and skills to effectively 
performance-test their systems. In cases where rigorous approaches wouldn't be effective, a flexible, risk-based 
approach is needed. Any approach to performance testing should focus on collecting the data necessary to assist 
the development team in identifying, prioritizing and tuning areas of suboptimal performance and to assist stake- 
holders in making sound business decisions related to performance risks. This session introduces a proven heuris- 
tic approach to performance testing. It's based on the book "Performance Testing Guidance for Web Applications," 
which you can access online for free and begin applying immediately. 

[107] Security Fix Validation and Security Bug Use-Case Testing During QA 
Using Browser Automation Technology By Lars Ewe 

Learn practical steps for using browser automation to validate Web application security patches in QA. 
Begin with an overview of common Web application vulnerability types, then focus on major vulnerabilities of 
cross-site scripting and SQL injection. 

You'll see a demonstration of the use of browser automation to model vulnerability tests performed by penetra- 
tion testers or automated security scanning, which can then be reused to determine if a proposed security fix is effec- 
tive. You'll also learn how commercial Web application vulnerability scanners are used to properly model security tests 
during quality assurance testing. 

[108] Java Profiling in a Performance Assurance Life Cycle By Rama Karthikeyan 

Performance assurance requires a structured approach to planning, testing, analyzing and improving the 
performance, scalability and stability of Web-based applications. This involves defining performance goals; capaci- 
ty planning; scripting; code profiling and system bottleneck identification; infrastructure, stress, baseline, high-vol- 
ume, longevity and scalability testing; platform tuning; production monitoring; and regression testing. 

Learn a detailed methodology for Java code profiling that can be incorporated in a performance assurance 
cycle. Learn CPU profiling, and how to rapidly identify poorly performing and poorly scaling methods from various 
standard profilers. 
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[201] Test-First GUIs: The Model-View-Presenter Approach By Robert Walsh 

Graphical user interfaces are seen as a challenge for many people who have migrated to test-driven development. Some feel that GUIs can't 
be developed effectively using TDD; others say it's enough to stop short of the actual Ul and test "just below the surface." 

Using a Model-View-Presenter (MVP) pattern and some other common techniques from TDD, GUIs can be built and tested in the same man- 
ner as other code built test-first. This class will show you how to construct graphical user interfaces test-first using MVP. Concrete examples will be giv- 
en in C++ using both Win32 and Qt. The technique is applicable to virtually any development language and environment. 

[202] The 5% Challenges of Test Automation By Hans Buwalda 

Too much effort goes into developing test scripts, while the percentage of tests that are actually automated is usually no more than 30 
percent. This problem led Hans to develop the 5 percent challenges of test automation: No more than 5 percent of tests should be executed man- 
ually, and no more than 5 percent of the test effort should be spent creating automation. Learn the 5 percent challenges and see them at work. 

[203] Software Performance Engineering, Part 2: System Execution Models 

By William Louth 

Software Performance Engineering (SPE) is a systematic process for planning and evaluating a new system's performance throughout the 
application life cycle. 

In this concluding session, learn how to effectively execute SPE activities in continuously constructing and validating system execution 
models across software releases. You'll learn to evaluate performance models, monitor and analyze software performance, confirm performance 
objectives, tune performance and manage system capacity. 



[204] Designing Performance Tests Heuristically and Visually By Scott Barber 

Compared with functional testing, performance tests generally take longer to conduct, must typically be conducted one at a time and are 
more commonly inconclusive on their own. Additionally, it's nearly impossible to determine which performance 
tests will provide significant information value until the results from the previous test are analyzed. 

This session is designed for the performance testers, analysts, architects and managers who most signifi- 
cantly contribute to performance test design. You'll learn heuristic and visual methods to design and document per- 
formance tests that are intended to deliver significant informational value while helping to ensure that performance 
testing remains focused on achieving business objectives, reducing project risk and avoiding bad press. 

[205] How to Test the Untestable By Robin Goldsmith 

Testing documented features is easy. But what about testing the untestable: application requirements and 
design? When something isn't testable, it's usually because it's not clear, which increases the chance of develop- 
ment errors, but we have to test those elements anyway. Defining testable Quality Factors (often called "non-func- 
tional requirements") is especially challenging. 

In this class, you'll learn how tests and test cases indeed can be created for these seemingly untestable 
requirements and designs. You'll also see how to correct problems in these areas, with suggestions how to proceed 
without encountering the resistance that testers typically tend to face. 

[206] Effectively Training Your Offshore Test Team By Michael Hackett 

Working with offshore teams is a fact of life, but many are still struggling to make their global test teams 
work effectively. Training your offshore test team is critical to the success of your projects for minimizing stress 
and late-night phone calls, ensuring you get the right information from the offshore team and enhancing your test- 
ing effort's chance of success. 

Learn through real-world examples the key elements of successful offshore testing, including training in 
the areas of process, product/domain knowledge and testing techniques, and how training can be used as a reten- 
tion tool for offshore staff. 

[207] Robust Testing With Stochastic Test Data By Bj Rollison 

Many tests require input variables, often referred to as test data. Real-world test data is important, but it 
really serves only to verify nominal input conditions. Also, constantly reusing the same data repeatedly from a stat- 
ic data file doesn't provide significant benefit. But random data is often shunned because it may not be repeatable. 
This class will teach techniques to generate random test data for both positive and negative testing using seed values for repeatability, and 
how to randomly test data from a set of static variables based on a weight factor for preference. 




[208] Common Mistakes When Securing Web Applications By Lars Ewe 

Many organizations lack an overall sense of the best practices for deploying and securing \Neb applications. Despite security practices of the 
OWASP and WASC threat classifications, a number of mistakes are still commonly made. 

This class explores five common mistakes made when securing Web applications, and the impact that these design flaws have on the overall 
security of an application. Issues such as client-side trust relationships, failure to properly secure application redirection mechanisms, and other design 
and configuration elements can quickly undermine application security, even when diligent security practices are in place. 
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[301] Testing in an Agile Environment By Megan Sumrell 8 Robert Walsh 

Contrary to what some believe, the agile view of testing is not "Don't test," "Only developers should test," or 'The only good test is an auto- 
mated test." Agile attempts to augment traditional testing efforts by adding tests written and executed by developers and customers to those created 
and run by professional testers. TDD and unit testing, user acceptance testing (automated and manual), exploratory testing, usability testing, load 
and performance testing, integration testing and other test techniques all play significant roles in agile environments. 

This class will illustrate how various testing efforts are used in responsible approaches to agile software development and explore ways that 
traditional QA efforts can be adapted to fit neatly into agile processes. 

[302] Building a Software Testing Strategy By Karen N. Johnson 

If you've ever faced strategic planning issues for a software project, this class will help. For a strategy to be effective, you must 
solicit ideas and build an understanding with your project stakeholders. This class explains how to communicate your strategy to other proj- 
ect leads. 

Learn to brainstorm, build, implement and update test strategy, including details of scope, testing types, estimates, resources, plans, mile- 
stones, risk and acceptance criteria. You'll learn how to update your strategy throughout the project and to discuss and gain input and acceptance 
throughout your organization. For beginning and mid-career test managers. 

[303] Performance Testing for Managers By Scott Barber 

Performance testing as an activity is widely misunderstood, particularly by managers. This presentation is designed to help managers increase 
the output of performance testers and their projects by applying better management practices. We'll explore what managers should expect (and why 
they aren't getting it), what additional value performance testing can bring (and blockers to achieving that value), tips for interviewing performance 
testers and methods for dealing with common performance testing challenges. 

[304] Software Endgames: How to Finish What You've Started By Bob Galen 

There's no worse feeling than having your team work its tail off on a project only to have it fail to meet the customer's scope or quality tar- 
gets. So much focus is typically put on the beginning of a project that we fail to realize how important it is to end well. 

In this class, Bob shares tools and techniques he's used to successfully deliver on projects. Learn how to plan an iterative model for testing, 
create dynamic release criteria and connect them to your requirements, manage change in agile and non-agile environments, and effectively handle 
defects and winnow down change via several code freeze models. 

[305] Fixing Memory Leaks and Other Defects By Chris Gottbrath 

Memory leaks and similar defects can be frustratingly hard to pin down, particularly after applications or systems have been deployed. Quality 
professionals who want to be confident about the application they're testing need tools that can detect memory leaks that run in the shortest amount 
of time possible. 

In this class, you'll learn how to test for memory leaks and other memory errors, how to hand off the problem to the development team, and 
how this important part of the bug-fixing process can be improved by using advanced tools that provide detailed reports of the state of heap memory. 

[306] Test Strategy on a Whiteboard By James Bach 

Make a picture of the thing to be tested, then mark it up with symbols indicating how you might test it. The result is a compact and easily 
explained summary of the test strategy. This can be a nice alternative to a long-winded test plan document, or a nice thing to include in addition to 
such a document. Test-industry pioneer James Bach explains why his whiteboard strategy is a good practice — and how it can be a bad practice, too. 

[307] Exploratory Testing: Not Just Parlor Tricks? By Robin Goldsmith 

Click, Click, Kaboom! Provoking strange software behavior often may be the main rationale for exploratory testing. While certainly 
attention-grabbing and even entertaining, such feats may be testing's version of parlor tricks — all sizzle and no steak. 

Learn why such tests divert test time and resources to superficial situations and distract testers from catching more important errors 
that exploratory methods are likely to miss. Learn more reliable and useful approaches for putting contextual testing into context to leverage 
exploratory testing strengths in ways that provide more substantive value by detecting more important defects. 

[308] Virtualization: Moving to a Truly Virtual QA Lab By Ian Knox 

Test teams experimenting with virtualization are realizing a need to move from basic implementation to automated virtual environment. In this 
class, you'll learn how to make that transition, hear best practices for leveraging a virtual lab in your QA process, and see real-world examples of vir- 
tual test lab implementations and lessons learned. 

You'll learn how virtualization is being applied in test labs, how to select a virtual lab solution (including pros and cons of different options), 
how to implement and configure a virtualized environment, and how to integrate existing test/development tools and improve testing processes with a 
virtualized test lab. 

[309] Modular Test Case Design: The Building Blocks for Reusable and Maintainable Tests By David Dang 

There's nothing new about using modular designs in software development. But what about test case development? The principles that make 
modular designs useful for programming — increased reusability, reduced maintenance time and easy abstractability — are equally applicable to test 
case development. 

In this class, you'll learn how to perform test analysis with modular test case design in mind, build and execute test scenarios using 
modular test cases, transition manual modular test cases to automated ones, recognize key differences between procedural test cases and 
modular ones, analyze requirements and designs to generate modularized tests, develop modular test cases and construct test scenarios 
using skeleton scripts. 
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[401] Help Your Boss Avoid Being an Idiot By Robin Goldsmith 

We've all had a boss we've thought was an idiot. Whether dooming projects from the start with unrealistic budgets and schedules, failing to 
allow people to use skills the organization paid big bucks for them to learn, or pushing projects into production before they're ready, boneheaded 
bosses aren't just to be laughed at in "Dilbert." In this session, learn how bosses become the way they are and hear ways you can smarten them up 
to increase the chances for both of you to succeed. 

[402] Explaining Testing to 'Them' By James Bach 

Testing can be hard to explain to management — or to anyone. In this class, software test guru James Bach presents quick and effective 
ways to get the point across so you can get the support you need to do your job. 

[403] Maximizing SQL Server 2005 Performance By Mary Sweeney 

SQL Server 2005 is a robust and highly performing database management system, but how do you deal with bottlenecks and per- 
formance problems? In this session, you'll explore tips and techniques to gain the most from your SQL Server from an experienced practi- 
tioner working on the nation's fourth largest database. Join us also to find out some of the new features and differences in the just-released 
SQL Server 2008. What you'll learn: 

• The quirks that can hold up large queries and how to troubleshoot them 

• The benefits and liabilities of your SQL Server 2005 installation 

• The five important techniques you need to know to get the best performance from SQL Server 2005 

• SQL Server 2008 performance enhancements 

[404] Combinatorial Analysis: A Pair-Wise Testing Primer By Bj Rollison 

Pair-wise testing is a systematic procedure to effectively reduce the total number of tests by selecting a set of tests that evaluates every pair 
combination. It works because historical and root cause analysis shows that the majority of errors caused by the interaction of variables occur 
between two parameters rather than interaction between the variables for three or more parameters. 

This class compares orthogonal arrays to pair-wise analysis, with a detailed example of how to use one of the most powerful combinatorial analy- 
sis tools available today (Pair-wise Independent Combinatorial Testing, PICT) from Microsoft to systematically test complex interdependent parameters. 

[405] Turn Your Test Team Into a High-Performance Organization By Michael Hackett 

Want a road map to quality? Everyone — all development managers, test managers and their organizations — is looking for ways to improve 
quality. Quality improvement can come in many forms: reducing risks by delivering higher and predictable quality product; optimizing time-to-market; 
increasing productivity; and building a more manageable organization. Some managers look for quality improvement by attempting to implement a 
more standard or formal process. 

This sounds good, but how do you get there? In this class, you'll learn how to evaluate your test process and strategy, create a culture for 
change, implement change and use effective methods for measuring improvement. 

[406] Measure Quality on the Way In, Not Just on the Way Out By Jan Fish 

Organizations typically measure code quality after it goes into production. What about measuring quality coming into test? Code reviews 
give some indication of quality, and traceability data can show holes in documents and test cases. 

But true gauges lie elsewhere. By measuring the number of passed and failed test cases and calculating the failure rate, you can forecast 
failure and the number of test-case executions required each day. This lets you adjust resources, timelines or levels 
of effort day-to-day or week-to-week. Manage your testing effort — or it manages you — in just five minutes a day with 
a simple spreadsheet. 

[407] What You Must Know to Demystify Ant Build Scripts By Matt Gabor 

Does your testing process include a pre-build before you test or an audit of the developer-supplied build? If 
not, you may be missing critical bugs that because of mismanaged production libraries are found only when the appli- 
cation is deployed. Most testing teams avoid managing the build process because the scripts that support the build 
are cryptic and difficult to understand. 

Learn the components of Ant/XML scripts, how to identify problematic hard-coded source and library refer- 
ences, and the use of debug flags and statically defined directory information. Learn to audit the builds and define 
build script requirements to improve build quality. 

[408] Five Major Application Security Vulnerabilities By Danny Allan 

Applications are frequently released with significant security risks because security coverage in the SDLC 
and QA cycles is often informal and undocumented. Companies are either relying on an overburdened security team 
to test late in the cycle, or they're throwing complex tools at QA teams, expecting them to master security testing 
with no formal training. 

Solve this problem and increase adoption of security testing in development and QA without overburdening 
the teams. Danny will demonstrate the five biggest application security vulnerabilities and share techniques and best 
practices to build application security testing into existing QA processes. You'll learn about Web security vulnerabili- 
ties and compliance issues, and how to integrate application security testing with defect tracking and remediation. 
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[501] Agile Testing Within Scrum By Bob Galen 

Many testing efforts succumb to management and project pressures. In the endgame phase of software development, where anything goes 
for the delivery of a product, quality is usually the first to go. Scrum is one of the agile methodologies, and focuses on project management in itera- 
tive development efforts. It can be successfully applied to testing to renew focus and improve overall results. In this class, you'll learn the Scrum 
methodology and how to apply it to your testing cycles to dramatically improve results. 

[502] The Most Effective Ways to Improve Software Quality By Chris Sims 

What are the best ways to improve the quality of your software? More testers! Better specs! More time for testing! All true. But are they 
under your control? For most of us, the answer is "Not so much." So what can you do as an "in the trenches" QA professional? More interestingly, what 
have you done? Share your most effective tips, tactics and practices, and tap into the collective wisdom that will be present through the Nominal Group 
Technique (NGT). Walk out ready to make a bigger impact with the resources already at your disposal. 

[503] The Magic Bullet of Test Automation Is Not 'Record and Playback' By Aaron Cook 

Many software QA automation solutions are marketed as an "easy" way to increase test coverage, perform regression tests and increase the 
number of defects found — all with record-and-playback capabilities. Experience shows this approach is a guaranteed way to develop test automation 
"shelfware" and to continue to propagate the myth that test automation costs more than it's worth. 

In this class, you'll learn an approach to high-quality test automation that will allow your team to develop sound strategic automation frame- 
works for use and reuse by the quality assurance and test automation teams 

[504] Load Testing With OpenSTA By Dan Downing 

OpenSTA is increasingly popular as an open-source alternative to commercial load testing tools. However, performance testers making 
this choice are confronted by the dual challenges of learning both tool and process, without the formal training support of commercial products. 

In this class, Dan Downing demystifies the fundamentals of conducting effective load tests. He will introduce you to his 5-Steps of Load 
Testing: Discover, Develop, Run/Fix, Report. You'll experience OpenSTA on a real site: modeling load, developing scripts, configuring, launching 
and monitoring tests, analyzing, interpreting and reporting results. You'll learn workarounds for tool limitations — especially in results analysis — 
and how to access community resources to support your learning back at work. 

[505] I Went to This Conference and All They Talked About Was Requirements By Robin Goldsmith 

Why are so many testing conference classes about requirements? Testers need to know what the requirements are to confirm that systems 
meet them. Yet too often, testers receive inadequate requirements too late. Getting testable requirements is increasingly becoming the tester's job. 
How can you get them on time? 

Learn the issues that often impact requirements efforts and hear appropriate ways testers can contribute effectively to getting the clear and 
accurate requirements they need. Learn why testers gravitate toward — but may not succeed as — being requirements definers and how to avoid the 
"testability trap" that keeps testers out of the requirements loop. 

[506] Model-Based Testing for Java and Web-Based GUI Applications By Jeff Feldstein 

Classic automation repeats the same tests until it stops failing or the application ships. But customers rarely traverse the application in the 
same sequence as the automation, and they're likely to find bugs that the automation missed. Mode I -based testing is a form of automated testing 
that brings random and flexible behavior to your automated test cases. 

Learn how to implement model-based testing specifically as applied to Java and Web applications. See a demonstration of model-based test- 
ing — the XDE Tester — download the source code containing the data structures, concepts and program flow for implementing a large-scale, industri- 
al-strength, model-based test system. 

[507] The How-To Guide for Test Management By Brian Massey 

Test management should allow organizations to manage testing efforts — from test case documentation through execution to status report- 
ing. From a quality perspective, it should allow you to take a product from plan to production. 

Learn how to manage the testing effort, from resources, to assets, data, labs, etc. — and report status. What processes are in place in your 
organization for quality and testing, how are these processes realized by the test practitioners, and what needs to be reported back to management? 
Understand how proper test management can drive testing centers and allow for organizational-level quality perspectives. 

[508] End-to-End Performance Process: From Requirements to Production Monitoring By Alfred Wong 

Performance test engineers are often engaged in a project only during planning and execution of performance tests. But there are many more 
ways they can contribute, such as by helping fix performance bugs or avoiding them in the first place. 

This class walks through an end-to-end performance process from requirements to production monitoring, and focuses on how performance 
engineers can contribute each step of the way. This class will help performance engineers and managers enhance their current process toward increas- 
ing their contribution, forewarn them of possible challenges, and explain how tools and techniques can overcome them. 
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[601] Testing in the Enterprise Using Scrum By Bob Galen 

Scrum has become one of the foremost agile methodologies, but the approach is not without its chal- 
lenges. One of the most critical is guiding the testing effort as project size and complexity increase. 

In this class you'll learn how to handle legacy and non-greenfield projects, distributed testing, integration 
testing of large-scale systems, coordinating with multiple product owners, and marrying traditional testing expec- 
tations and techniques with those of the agile teams. You'll also explore strategies for traditional testers to suc- 
cessfully transform their skills and experience into their agile teams to make a high-quality impact. 

[602] The Makings of a QA Leader By Chris Sims 

One of the best ways to increase your impact on the quality of your product, team, company and 
career is to step beyond the role of contributor and into leadership. There are many managers who are not 
leaders, and many leaders who are not managers. If you feel the call to leadership, but aren't sure how to 
begin, this workshop is for you. 

We'll use the Nominal Group Technique (NGT) to gather the group's experiences and ideas, identify the 
factors that have had the biggest impact and efficiently harness the collective wisdom of the group. 

[603] To Infinity and Beyond: Extreme Boundary Testing By Robert Sabourin 

If you think you've explored the boundaries as part of your testing, this dynamic interactive presenta- 
tion will open your eyes to some wonderful boundaries and great techniques to expose and explore them. The 
adventure begins with traditional boundaries, input fields and equivalence classes, and then dives into the 
rich universe of boundaries related to systems behavior, environments, system limits, design limitations and 
even eccentric user behaviors. This presentation opens your eyes to exploring the final frontier and under- 
standing that beyond the confines of our knowledge, there be dragons! 

[604] Models for Security Testing in the Software Development Life Cycle By Ryan Berg 

Often there's a lack of security expertise among development teams or a lack of development expertise among security teams. There's also 
a misconception that security reviews extend development schedules. Organizations need a central, concrete model for security evaluation and a 
comprehensive task list detailing the roles and responsibilities for each group involved. And that's what this class is all about. You'll learn practical 
models that give testing responsibility to developers, QA staff or security teams, explaining the specific requirements for each approach as well as 
expected outcomes. 

[605] Balancing Test to Break, Test to Validate and Metrics By Jeff Feldstein 

We test software to answer two questions: Does it work? Will it break? The tester's job is to balance investments in each question. Learn how 
to generate a feedback loop among three major areas: test-to-valid ate, test-to-break and test metrics. You'll learn guidelines to ensure you're optimiz- 
ing the investment in these areas competing for your limited resources. Specific types of test-to-validate and test-to-break methods will be presented. 
In addition, example metrics will be explored, along with suggested actions to take based on the results. You'll also come away with suggestions for 
communicating these concepts to your test team. 

[606] Software Process Improvement's Dirty Little Secret By Robin Goldsmith 

Despite investing copious time and money, organizations often fail to realize desired benefits from formal software improvement initiatives, 
such as Six Sigma and capability maturity model-fitting. Lessons-learned analyses continually point to the same set of "usual suspects," but overlook 
a key implementation shortcoming that actually may account for much of the costly initiatives' underperformance. This is a major reason such 
process improvement initiatives often don't improve. 

Learn about this seldom-recognized flaw that afflicts many high-overhead initiatives, and how organizations often lose sight of key weakest- 
link exceptions to their seemingly comprehensive practices for improving software processes. 

[607] Designing JUnit Test Cases for Effective Functional Testing By Matt Love 

JUnit is the standard for creating Java unit test cases. Would you benefit from a deeper understanding of how to develop a functional test 
suite that effectively verifies whether code works as designed? 

This presentation introduces and demonstrates a strategy for building an effective JUnit functional test suite that identifies use cases that 
cover all actions that your program should be able to perform, identify the code's entry points and pairs entry points with the use cases that they 
implement, create test cases by applying the initialize-work-check procedure, and develop runtime event diagrams and use them to facilitate testing. 

[608] Performance Bugs and Investigation Strategies By Alfred Wong 

Performance bugs appear in many shapes and forms, and each requires its own investigation strategy. This class first discusses briefly some 
different types of performance testing, then focuses on performance bugs commonly found in Web applications and their corresponding investigation 
strategies. The class will teach performance engineers and managers about the different types of performance bugs and the corresponding types of per- 
formance tests that expose them, how to participate actively in performance bug investigation, and how to apply these strategies to projects. Note: This 
class builds on the End-to-End Performance Process class (Class 508), but also may be taken separately. 
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[701] Taking AIM— Using Visual Models for Test Case Design By Robert Sabourin 

Designing test cases is a fundamental skill all testers master over time. This workshop teaches a fun graphical technique to help you design pow- 
erful test cases and choose test data that will surface important bugs fast. These skills can be used in exploratory, agile or engineered contexts — any time 
you need to design a test. 

Mind maps are powerful graphical tools used to help visualize complex paths and relationships between concepts. Learn how mind maps can 
be used to visualize test designs and help understand variables being tested, alone and in complex combinations with other variables and conditions. 

[702] A Buzz About Fuzz: An Approach to Finding Software Vulnerabilities By Joe Basirico 

Fuzzing is a technique that feeds random inputs to applications in an attempt to choke them. Fuzzing provides a simple, highly automati- 
ble way to trap uncommon and unforeseen errors that may have been overlooked. 

Learn fuzz testing in practical terms and how to include fuzz testing in your QA efforts. Through demonstrations, learn about fuzz testing tools 
and techniques, and discover how fuzzing provides insight into application behavior. You'll hear examples of how fuzz testing can uncover hard-to-find 
bugs and how it can provide metrics on software correctness. After this class, you'll be able to apply fuzz testing immediately. 

[703] Team Techniques for Influencing Upstream Decisions By Jeff Feldstein 

Influencing people who work for you is easy (usually). Influencing people with whom you have no direct reporting relationship isn't always so 
easy. Testers rely on what they get from marketing and development to do their job well. But it's more important for test/QA teams to influence the oth- 
ers rather than vice versa. 

Discover what Jeff has learned at Cisco that will help you develop test-specific strategies to influence other internal organizations. Hear about 
solutions that most test teams need when trying to get good requirements from marketing and sound, testable code from development. 

[704] Optimizing Your Testing Effort With Keyword-Driven Frameworks By Brian Massey 

Time is always in short supply. This class will teach you about tools for taking the manual tests created in the initial project planning phases 
and incrementally creating automation using a keyword-driven framework that allows for the creation of modular test assets and reuse. 

Take away a framework for keyword-driven testing that allows easy planning and creation of manual tests using the framework, and learn how 
an automated functional testing tool can be integrated easily into the framework. 

[705] Metrics: How to Track Things That Matter By Clyneice Chaney 

Metrics programs have often been a dirty word, misused and poorly implemented. This class discusses ways to provide metrics that really mat- 
ter to organizations and provide visibility into their or their customers' organizations. You'll learn why metrics programs fail and then work on the keys to 
successful metrics programs, developing quality metrics that matter and ways to implement and maintain these metrics over time. 

[706] Performance-Testing Non-Standard and Legacy Applications: Hybrid Solutions By Mohit Verma 

Legacy and proprietary applications form the backbone of many corporations. Performance testing of such applications often presents unique 
challenges and demands creative solutions. 

Learn about a solution implemented for a critical legacy healthcare application, and how it can be applied to other non-standard applica- 
tions with minor modification. Tackle the problem of what the test environment requirements are, how to gather test data and how the test environ- 
ments and tools are integrated. This class will present a step-by-step walk-through of the solution that can be implemented elsewhere. Gain most 
from this class by bringing your laptop. 

[707] Java EE Performance-Tuning Methodologies By Steven Haines 

Java EE performance experts know that the key to success is to focus application-tuning effort where it's most needed: the wait-points, where 
the delays happen. But what are the wait-points, how can you find them in your application, and what can you do about them? That's what you'll 
learn in this intermediate-level class. 

Wait-points can encompass Web and business-tier thread pools, external dependency connection pools, persistence caches, object pools and 
even garbage collection. In this class, you'll learn how to disassemble your application call stack, identify wait-points and tune from the inside out to 
optimize throughput and suspend requests where they're best suited to wait. You'll leave this class knowing how to focus your application tuning efforts 
to immediately improve the performance of your Java EE systems. 

[708] Using Virtualization to Manage Globally Distributed Testing By Chintan Gupta 

Distributed software testing projects can involve multiple teams working on different components with different tools and styles in different 
parts of the world. There's always the possibility of overlap, redundancy missing requirements and communication gaps. 

This class will study an IBM project that suffered from all these challenges and was missing deadlines and finding increased and duplicate 
defects. Learn how we solved these problems using virtualization with OS snapshots for repetitive testing by combining the technology with earned val- 
ue management and test management. 
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[801] Implementing Automated Software Testing, Part 1 By Scott Bindas 

Based on original research conducted by IDT, 70 percent of companies believe that test automation achieves a high payoff, but half don't 
know how to do it. This two-part class will walk through a proven and effective test automation approach using open-source testing tools such as 
STAF/STAX and VNCRobot, and how to leverage the tools in the overall testing effort. You'll also see a demonstration test automation suite and learn 
the importance of such scalable, extensible and pluggable frameworks. 

[803] Testing Your Software Architecture By Neeraj Sangal 

Automated testing of software architecture can keep quality from degrading and help preserve the design intent. In this class, you'll learn a 
new, lightweight approach to specifying and verifying software architecture. Using inter-module dependencies, software architecture is represented 
using a dependency structure matrix. Once the architecture is specified, it can be verified through automated tests during development, and architec- 
tural violations can be easily prioritized for remediation. 

[804] Effective Metrics for Managing a Test Effort By Shaun Bradshaw 

As a development manager, do you have trouble getting upper management to understand the impact of delays, defects and chances in scope? 
This class will introduce you to a set of well-defined test metrics for tracking and managing the testing effort. You'll learn how to consistently apply 
these metrics to software projects and to improve the communication of your findings to the rest of the organization. This class covers test metrics 
philosophy, base test metrics, management test metrics and interpreting test metrics. 

[805] Deciding What Not to Test By Robert Sabourin 

Software project schedules are always tight. There's not enough time to complete planned testing. But don't stop just because the clock ran 
out. Triage of testing ideas, assessing credibility and impact estimation can be used to help decide what to do when the going gets tough! Decide 
what not to test on purpose— not just because your time's up. 

This presentation explores some practical and systematic approaches to organizing and triaging testing ideas, which are influenced by risk 
and importance to your business. Information is coming at you from all angles — how can it be used to prioritize testing and focus on the test with the 
most value? 

[806] Quality Throughout the Software Life Cycle By Jeff Feldstein 

Quality cannot be tested into the product; it must be emphasized, monitored and measured from the beginning of the project. Each team 
involved in the project — from management to marketing — plays a key role in ensuring software quality. A carefully planned application development 
life cycle is a key requirement to successful delivery of on-time, quality software. 

This class will explore each broad phase of development — requirements, development, testing and deployment — from a software quality perspec- 
tive. You'll learn the activities required at each step, the precise role of the tester or QA engineer, common mistakes and how to catch bugs earlier. 



[807] Software Reviews: If They're So Great, Why Isn't Everyone Using Them? 

By Clyneice Chaney 

Software reviews are a proven technique for reducing defects in delivered systems. They're considered an industry best practice for detecting 
software defects early and learning about software artifacts. However, many organizations fail to use them, fail in implementation or believe that they're 

too time intensive to be of value. 

Learn how to make software reviews more viable in today's fast-paced organizations. Discuss a variety of 
options, hear practical considerations for implementation and factors that can derail it, learn how to develop a strat- 
egy for resistance and when software reviews are best used, and receive key automation techniques. 

[808] Best Practices in Java Environment Performance Testing By Steven Haines 

Learn how to implement performance testing in enterprise Java environments. This class presents a detailed 
methodology for following performance requirements from architecture artifacts through unit testing, integration 
testing and production staging. Learn to implement a formal capacity assessment that determines when you need 
to add resources to your environment, and how to validate that your test bed mimics your end users' behavior. 
Automate a repetitive test process that quickly reports the quality of your code. 
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[901] Implementing Automated Software Testing, Part 2 By Scott Bindas 

See description for class 801. 

[902] Performance-Testing 'Obnoxious' Protocols By Mark Lustig 

While performance-testing tools and techniques have reached a relative state of maturity, dealing with non-standard, complex and emerg- 
ing protocols is beginning to demand evasive action. Not all systems are developed using HTTP-based protocols. In Web-based Uls, challenges abound 
to accurately simulate obnoxious protocols such as compressed XML, Java Swing, Flash and AJAX. 

Learn about specific techniques and a mature methodology for working with challenging protocols. Specific topics discussed will include 
performance-testing tool add-ins and integration points, and custom load generation suites. We'll also address complementary techniques for work- 
load characterization, data generation and test data management. 

[903] Implementing a Quality and Metrics Process By Richard Sharpe 

Quality in software projects needs to start in the development team. Using tools and metrics can help spot buggy code and reduce risk of 
issues before the code has even entered QA. However, are all metrics equal? What do we do with the collected data? 

This class will discuss and demonstrate that metrics used in a feedback loop such as that of continuous integration can benefit software proj- 
ects and reduce costs due to rework. 

[904] How to Break Web Software By Joe Basirico 

The Web and Web services are prime targets for hackers. But network security isn't the answer. This class describes a model for Web appli- 
cation testing that covers accountability, availability, confidentiality and integrity. You'll be taken on a journey through the set of techniques for break- 
ing Web applications and methods of mitigation. 

Go beyond the basics of SQL injection and cross-site scripting (also covered) to more advanced and sinister attacks. Learn how to think about 
security vulnerabilities in Web apps, techniques for information gathering, client-side attacks, state attacks, data attacks, language attacks, server 
attacks and authentication attacks. 

[905] Bugs on Bugs! What Looney Tunes Taught Me About Testing By Robert Sabourin 

Characters from the Looney Tunes gang — Bugs Bunny, Road Runner, Foghorn Leghorn, Porky Pig, Daffy Duck, Michigan J. Frog and others — 
provide wonderful metaphors for the challenges of testing. 

Bugs teach lessons for the young at heart — novice and experienced alike. Robert shares some powerful heuristic models that you can apply 
right away, including the value of modeling personas for test design, how metaphors can help us understand and communicate, and how heuristic 
models are not only useful — they're fun. 

[906] How to Fail With 100% Test Coverage By Jason Rudolph 

With an expressive language such as Ruby and with modern test practices, 100 percent test coverage is readily achievable. But 100 per- 
cent coverage is meaningless without other supporting habits and practices. Over the last few years, we've taken dozens of projects to 100 percent 
coverage, and there are still plenty of things that can go wrong. 

We'll look at examples of fragile mocking, the ugly mirror, overspecification, underspecification, invisible code, incidental coverage, and shal- 
low tests, and show how to prevent each from infecting your project. 

[907] SOA Life Cycle Quality: The Tipping Point of SOA Governance By John Michelsen 

As organizations rapidly develop the capability to create service-based applications, they seek SOA governance to ensure that applications 
are aligned with the needs of the business and operate predictably. 

In this class, we'll discuss how testers and developers can collaborate on a continuous basis to improve quality in these complex, heteroge- 
neous environments. Real-world SOA testing examples from leading financial and manufacturing enterprises will be examined and discussed from an 
architectural and business-process point of view. Attendees should already have a good understanding of SOA. 

[908] Testing Visibly By David Kapfhammer 

One of the worst things a testing organization can do is to operate in obscurity from the rest of IT. If the testing organization doesn't treat 
developers, business analysts and users like customers, they'll most certainly lose credibility as the "team that operates behind the curtain," and ulti- 
mately become ineffective. 

Learn a strategic road map that test organizations can use to operate visibly and transparently. Learn how and why the testing team should 
issue a user manual that details how to engage testing services, including a specific operational workflow and work breakdown, and maintain an 
open-door policy. 
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Danny Allan came to Rational with 
the acquisition of Watchfire, which 
he joined in 2000. As a security 
researcher, he's involved with enter- 
prise global customer deployments, 
researching and evaluating technolo- 
gies, and helping define and recommend strategic 
directions for Watch fire's security solutions. 

Danny has published several whitepapers and 
articles, and is active in industry working groups. 
He speaks at security events and is called upon 
by key media, including AP, Bloomberg and the 
Wall Street Journal, for his opinions on Web 
application security. 

[105] Web 2.0 and Security 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[408] Five Major Application Security Vulnerabilities 
Thursday, Sept. 25 3:45 pm - 4:45 pm 





James Bach is a pioneer in the disci- 
pline of exploratory software testing 
and a founding member of the 
Context-Driven School of Testing. A 
prolific writer, he co-authored "Les- 
sons Learned in Software Testing: A 
Context-Driven Approach" and "How I Learn Stuff: 
Secrets of A Buccaneer-Scholar. " 

[306] Test Strategy on a Whiteboard 
Thursday, Sept. 25 2:00 pm - 3:00 pm 

[402] Explaining Testing to Them' 
Thursday, Sept. 25 3:45 pm - 4:45 pm 



SCOTT BARBER 



Scott Barber is chief technologist at 
PerfTestPlus, executive director of 
the Association for Software Testing, 
co-founder of the Workshop on 
Performance and Reliability and co- 
author of "Performance Testing 
Guidance for Web Applications." He's an interna- 
tional keynote speaker and has written more than 
100 articles on software testing. He's a member of 
ACM, IEEE, American MENSA and the Context- 
Driven School of Software Testing, and is a signato- 
ry to the Manifesto for Agile Software Development. 

[106] Performance Testing, Core Principles 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[204] Designing Performance Tests Heuristically & Visually 
Thursday, Sept. 25 11:15 am - 12:15 pm 

[303] Performance Testing for Managers 
Thursday, Sept. 25 2:00 pm - 3:00 pm 



JOE BASIRICO 



Joe Basirico has spent the majority 
of his professional career studying 
security and developing tools that 
assist in the discovery of security 
vulnerabilities and other application 
problems. His primary responsibility 
at Security Innovation is to deliver security courses 
to software teams in need of application security 
expertise. He has trained developers and testers 
from numerous world-class organizations, includ- 
ing Microsoft, HP, EMC, Symantec, Liberty Mutual, 
Sony, State Farm, Credit Suisse, Amazon.com, 
Adobe and ING. 

[702] A Buzz About Fuzz: An Approach to Finding 

Software Vulnerabilities 
Friday, Sept. 26 1:00 pm - 2:00 pm 

[904] How to Break Web Software 
Friday, Sept. 26 3:30 pm - 4:30 pm 



RYAN BERG 



Ryan Berg is a co-founder and lead 

security architect of Ounce Labs, an 

innovator of software vulnerability 

risk-management solutions, based in 

Waltham, Mass. Prior to Ounce Labs, 

he co-founded Qiave Technologies, a 

pioneer in kernel-level security which was sold to 

WatchGuard Technologies in 2000. Ryan also served 

as a senior software engineer at GTE Internetworking, 

leading the architecture and implementation of new 

managed firewall services. 

[604] Models for Security Testing in the Software 

Development Life Cycle 
Friday, Sept. 26 10:30 am - 1 1:30 am 



SCOTT BINDAS 
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Scott Bindas is the software develop- 
ment lead at defense contractor inno- 
vative Defense Technologies (IDT), 
where he leads a team of developers 
implementing automated software 
testing solutions. Prior to joining IDT, 
Scott spent more than 10 years leading the software 
specification, design, development and testing of 
complex real-time interfaces between complex sub- 
systems. A subject-matter expert in development of 
open architecture systems for the U.S. Navy, Scott is 
a contributing author to the upcoming book 
"Implementing Automated Software Testing," to be 
published next year by Addison-Wesley 

[801] Implementing Automated Software Testing, Part 1 
Friday, Sept. 26 2:15 pm - 3:15 pm 

[901] Implementing Automated Software Testing, Part 2 
Friday, Sept. 26 3:30 pm - 4:30 pm 
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Shaun Bradshaw is director of quality solutions for 
Questcon Technologies, a software testing and QA 
consultancy. He's responsible for managing Quest- 
con's team of senior practice managers in the areas of 
quality solutions development and service delivery 
and works with clients to improve their quality assur- 
ance and software test processes. 

[804] Effective Metrics for Managing a Test Effort 
Friday, Sept. 26 2:15 pm - 3:15 pm 






HANS BUWALDA 
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Hans Buwalda leads LogiGear's Action Based Testing 
(ABT) research and development, and oversees the 
practice of ABT methodology. Hans is an internation- 
ally recognized expert in action-based test automa- 
tion, test development and testing technology man- 
agement. He also speaks at international confer- 
ences, delivering tutorials and workshops, and presenting testing 
concepts such as ABT, the three Holy Grails of test development, 
Soap Opera Testing and Testing in the Cold. 

[1-7] Delivering Test Automation Success Through People, Methods & Tools 
Wednesday, Sept. 24 9:00 am - 5:00 pm 

[102] Agile Test Development 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[202] The 5% Challenges of Test Automation 
Thursday, Sept. 25 1 1:15 am - 12:15 pm 



CLYNEICE CHANEY 
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Clyneice Chaney quality manager at Project Perform- 
ance, has more than 16 years of testing, quality assur- 
ance and process improvement experience, and has 
successfully led numerous such projects for organiza- 
tions wishing to improve their software development, 
testing processes and tools implementation. 

[705] Metrics: How to Track Things That Matter 
Friday, Sept. 26 1:00 pm - 2:00 pm 

[807] Software Reviews: If They're So Great, Why Isn't Everyone Using Them? 
Friday, Sept. 26 2:15 pm - 3:15 pm 



AARON COOK 



Aaron Cook has been with Collaborative Consulting for 
nearly five years and currently serves as quality assur- 
ance practice leader. Aaron has extensive experience in 
the design, development, implementation and mainte- 
nance of QA projects supporting manual, automated 
and performance testing processes. He has led teams 
of QA engineers and analysts at organizations ranging 
from small startups to large multinationals. Aaron is a member of the 
American Society for Quality and regularly speaks at user conferences. 

[503] The Magic Bullet of Test Automation Is Not 'Record and Playback' 
Friday, Sept. 26 8:45 am - 9:45 am 
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DAVID DANG 



David Dang joined software testing and QA consul- 
tancy Questcon Technologies in 1999, and cur- 
rently serves as director of automation practices. 
He is a Mercury Interactive Certified Instructor (CI) 
for QuickTest Professional, WinRunner and Quality 
Center. David works with clients to assess, define 
and implement automation strategies to maximize 
clients' returns on investment for automation tools 
and minimize automated script maintenance. David has been a 
featured speaker on test automation and related topics at local 
and national QA and testing conferences, including Quality 
Assurance Institute (QAI) and PSQT. 

[309] Modular Test Case Design: The Building Blocks for Reusable 

and Maintainable Tests 
Thursday, Sept. 25 2:00 pm - 3:00 pm 
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DAN DOWNING 



Dan Downing is a co-founder and VP of Testing 
Services at Mentora, an application testing and man- 
aged hosting company. Author of numerous presenta- 
tions, whitepapers and articles on performance test- 
ing, Dan also wrote the 5-Steps of Load Testing, a 
methodology he taught at Mercury Education Centers. 
During the past 1 years, he has led more than 1 00 performance 
projects on a broad range of applications and companies, and is a 
regular conference speaker. 



[504] Load Testing With OpenSTA 
Friday, Sept. 26 8:45 am - 9:45 am 



LARS EWE 



Lars Ewe is a technology executive with broad background in 
(web) application development and security, middleware infrastruc- 
ture, software development and application/system manageability 
technologies. Throughout his career, Lars has held key positions in 
engineering, product management/marketing, and sales in a variety of 
markets. 

[107] Security Fix Validation and Security Bug Use-Case Testing 

During QA Using Browser Automation Technology 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[208] Common Mistakes When Securing Web Applications 
Thursday, Sept. 25 1 1:15 am - 12:15 pm 
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JEFF FELDSTEIN 



Jeff Feldstein manages a team of 40 testers for Cisco 
Systems. During his 24-year career, he has been a 
software developer, tester, development manager and 
computer consultant, and for the past five years, his 
team has been writing software test tools. Jeff's spe- 
cialties include internetworking, real-time embedded 
systems, communications systems, hardware diagnostics and 
firmware, databases and test technologies. He is one of the highest- 
rated speakers at Software Test & Performance conferences. 



BOB GALEN 
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[506] Model-Based Testing for Java and Web-Based GUI Applications 
Friday, Sept. 26 8:45 am - 9:45 am 

[605] Balancing Test to Break, Test to Validate and Metrics 
Friday, Sept. 26 10:30 am - 1 1:30 am 

[703] Team Techniques for Influencing Upstream Decisions 
Friday, Sept. 26 1:00 pm - 2:00 pm 

[806] Quality Throughout the Software Life Cycle 
Friday, Sept. 26 2:15 pm - 3:15 pm 



JAN FISH 



Jan Fish has more than 34 years of experience in \ 
software systems, process improvement and change 
management in financial and software organizations of 
all sizes. She's currently a manager of test and process 
improvement at Philips Lifeline, where she led a team 
of test engineers from a state of non-process to CM Ml 
Level 4 in less than three years. Jan has led efforts to improve process- 
es from traceability to peer reviews to production readiness testing dur- 
ing the systems acceptance process. She is an advocate of honest and 
accurate product status from the test point of view. 

[406] Measure Quality on the Way In, Not Just on the Way Out 
Thursday, Sept. 25 3:45 pm - 4:45 pm 



MATT GABOR 



When he's not making movies, Matt Gabor serves as 
Open make Software's senior software developer, 
where he walks customers through their build process 
and explains to them a better story for build manage- 
ment. Matt has lived this double life since 2000 
when he became the company's resident Eclipse 
expert. He has wide-ranging experience with Eclipse plug-in develop- 
ment and is an accomplished Java EE, SE and .NET developers. 

[407] What You Must Know to Demystify Ant Build Scripts 
Thursday, Sept. 25 3:45 pm - 4:45 pm 
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Bob is the director of product development and agile 
architect for Channel Advisor in Cary N.C. In this role, 
he operates as an agile coach and methodologist sup- 
porting ChannelAdvisor's organizational shift toward 
Scrum and other agile practices. Bob is also principal 
consultant for RGalen Consulting Group, L.L.C. He has 
nearly 25 years of experience working at companies such as Bayer, 
Bell & Howell Mail Processing, EMC, Lucent, Unisys and Thomson. 

Bob has been a Certified Scrum Master Practicing (CSP) since 
2004, Certified Scrum Product Owner (CSPO), and an active mem- 
ber of the Agile Alliance & Scrum Alliance. He authored "Software 
Endgames — Eliminating Defects, Controlling Change and the 
Countdown to On-Time Delivery, " which focuses on how to success- 
fully finish software projects. 

[T-4] Creating and Leading the High-Performance Test Organization 
Wednesday, Sept. 24 9:00 am - 5:00 pm 

[304] Software Endgames: How to Finish What You've Started 
Thursday, Sept. 25 2:00 pm - 3:00 pm 

[501] Agile Testing Within Scrum 
Friday, Sept. 26 8:45 am - 9:45 am 

[601] Testing in the Enterprise Using Scrum 
Friday, Sept. 26 10:30 am - 1 1:30 am 



ROBIN GOLDSMITH 



Robin Goldsmith has been president of the Go Pro 
Management consultancy since 1982. He works 
directly with and trains professionals in business engi- 
neering, requirements analysis, software acquisition, 
project management, quality assurance and testing. 
Previously he was a developer, a systems programmer/ 
DBA/QA and a project leader with the City of Cleveland, leading finan- 
cial institutions and a "Big 4" consulting firm. 

Author of the recent book "Discovering REAL Business Require- 
ments for Software Project Success, " Robin was formerly internation- 
al vice president of the Association for Systems Management and 
executive editor of the Journal of Systems Management. 

[T-2] Measuring and Improving Your Test Processes 
Wednesday, Sept. 24 9:00 am - 5:00 pm 

[104] Overcoming Requirements-Based Testing's Hidden Pitfalls 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[205]HowtoTesttheUntestable 
Thursday, Sept. 25 11:15 am - 12:15 pm 

[307] Exploratory Testing: Not Just Parlor Tricks? 
Thursday, Sept. 25 2:00 pm - 3:00 pm 

[401] Help Your Boss Avoid Being an Idiot 
Thursday, Sept. 25 3:45 pm - 4:45 pm 

[505] I Went to This Conference and All they Talked About Was 

Requirements 
Friday, Sept. 26 8:45 am - 9:45 am 

[606] Software Process Improvement's Dirty Little Secret 
Friday, Sept. 26 10:30 am - 11:30 am 
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CHRIS GOTTBRATH 



Chris Gottbrath is product manager at debugging 

tools maker Total View Technologies, where he has 

worked for seven years. Prior to that, as a graduate 

student of astrophysics at the University of Arizona in 

Tucson, he wrote cosmological simulations using C 

and MPI on a small-scale Beowulf cluster. Chris is a ^ ^* * 

regular contributor to high-performance computing and software 

development industry conferences worldwide. 
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[305] Fixing Memory Leaks and Other Defects 
Thursday, Sept. 25 2:00 pm - 3:00 pm 



CHINTAN GUPTA 



Chintan Gupta is a test specialist with IBM Rational, 
where she's responsible for ensuring the quality of IBM 
Rational Functional Tester. She has four years' experi- 
ence in functional and performance testing of security 
products, and has presented in various forums at IBM 
India Software Labs. She also participates in problem- 
solving sessions with internal and external IBM customers. 

[708] Using Visualization to Manage Globally Distributed Testing 
Friday, Sept. 26 1:00 pm - 2:00 pm 





MICHAEL HACKETT 



Michael Hackett is a founding partner of LogiGear 
and is responsible for the direction and develop- 
ment of the company's training program. He has in- 
depth experience in software engineering and the 
testing of applications developed for deployment 
across multiple platforms. Michael writes and 
teaches a software testing curriculum for LogiGear University, and 
for the U.C. Berkeley Extension. He is also co-author of "Testing 
Applications on the Web: Test Planning for Mobile and Internet- 
Based Systems," Second Ed., and holds a B.S. in engineering 
from Carnegie Mellon University. 

[206] Effectively Training Your Offshore Test Team 
Thursday, Sept. 25 11:15 am - 12:15 pm 

[405] Turn Your Test Team Into a High-Performance Organization 
Thursday, Sept. 25 3:45 pm - 4:45 pm 



STEVEN HAINES 



Steven Haines started Quest Software's Java EE 
Performance Tuning professional services organization 
in 2002. He's the author of both "Java 2 Primer Plus" 
and "Java 2 From Scratch, " and shares author credits 
on "Java Web Services Unleashed. " Steven is also the 
author of two newly released books, "InformIT Java 
Reference Guide" and "Pro Java EE Performance Management. " 

Steven has taught Java at the University of California, Irvine, and 
at Learning Tree University. As the Java host on lnformlT.com, he 
publishes a weekly column on everything from Java Web technologies 
to design patterns and performance tuning. 

[707] Java EE Performance-Tuning Methodologies 
Friday, Sept. 26 1 :00 pm - 2:00 pm 

[808] Best Practices in Java Environment Performance Testing 
Friday, Sept. 26 2:15 pm - 3:15 pm 



KAREN N. JOHNSON 



Karen N. Johnson is a software testing consultant. 

She views software testing as an intellectual challenge 

and believes in the context-driven school of testing. 

Karen has extensive experience in software testing 

and test management, has published software testing 

articles and is a frequent speaker at conferences. She 

is listed as a software testing expert on Tech Target's Web site, sea re h- 

softwarequality.com, serves as a director for the Association for 

Software Testing, and is a program co-chair for the Conference for the 

Association for Software Testing. 



[T-3] SQL for Testers 
Wednesday, Sept. 24 9:00 am ■ 



5:00 pm 



[302] Building a Software Testing Strategy 
Thursday, Sept. 25 2:00 pm - 3:00 pm 



DAVID KAPFHAMMER 



David Kapf hammer is practice director for the Quality 
Assurance and Testing Solutions Organization at 
Keane. He is responsible for defining the strategy and 
solutions dealing with testing and quality assurance 
in all verticals of the company's global business. 
David is experienced in all aspects of systems design 
and implementation including organizational leadership, technical 
solution, quality mechanisms and enterprise architecture. David is 
also a doctoral student researching decision rights models for global- 
ly distributed information technology (IT) teams at The George Mason 
University, Fairfax, Va. 




[908] Testing Visibly 

Friday, Sept. 26 3:30 pm - 4:30 pm 
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RAMA KARTHIKEYAN 



Rama Karthikeyan is the performance architect of 
Coban Corporation's Performance Engineering Practice. 
He holds a master's degree in electrical and computer 
engineering and has vast experience in the field of per- 
formance engineering and capacity planning. In his 
experience as a consultant, he provides recommenda- 
tions and analysis for various what-if scenarios for critical applications 
by working closely with the architecture, development and the business 
teams. Rama's focus has been on implementing performance best prac- 
tices, automation, system tuning and quality assurance in general. 

[108] Java Profiling in a Performance Assurance Life Cycle 
Thursday, Sept. 25 10:00 am - 1 1:00 am 




IAN KNOX 



Ian Knox has been in the software development 
industry for more than 15 years. He joined Skytap 
from Microsoft, where he was group product manager 
for Visual Studio and led the team responsible for 
introducing Visual Studio Team System. Prior to 
Microsoft, Ian was a principal consultant at 
PricewaterhouseCoopers, where for seven years he worked on global 
software delivery projects for Fortune 500 clients. As Skytap's direc- 
tor of product management, Ian is responsible for all aspects of the 
company's products and their go-to-market strategy. He's a frequent 
speaker at testing and development conferences. 

[308] Virilization: Moving to a Truly Virtual QA Lab 
Thursday, Sept. 25 2:00 pm - 3:00 pm 




Timothy Korson is founder of Korson-Consulting and 
has had more than two decades of experience working 
on systems developed using modern software engineer- 
ing techniques. This experience includes distributed, 
real-time, embedded systems as well as business infor- 
mation systems in an n-tier, client/server environment. 

Timothy's typical involvement on a project is as a senior manage- 
ment consultant with additional technical responsibilities to ensure 
high-quality test and quality assurance processes and practices. He 
co-authored a book on Object Technology Centers. 

[T-8] Programming Concepts for the Test Professional 
Wednesday, Sept. 24 9:00 am - 5:00 pm 



WILLIAM LOUTH 
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William Louth is the CTO of Jlnspired and product 
architect of its performance management and auto- 
mated runtime-diagnostics solution, JX Insight. 

In the enterprise business unit at Borland, William 
designed and prototyped enterprise-application per- 
formance-modeling and simulation tools while provid- 
ing expert performance-tuning and capacity-planning advice to its 
large U.S. and European customer accounts. He has also provided 
expert performance management and architectural advice to many 
other leading software companies, including HP Software, where he 




WILLIAM LOUTH CONT'D 



helped establish the software performance-engineering team for its 
next-generation IT-management product platform. 

[103] Software Performance Engineering, Part 1: Software 

Execution Models 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[203] Software Performance Engineering, Part 2: System 

Execution Models 
Thursday, Sept. 25 1 1:15 am - 12:15 pm 



MATT LOVE 



Matt Love is a software development manager with 
Parasoft, where he has been involved in the develop- 
ment of J test, Parasoft's automated code analysis and 
unit testing tool for Java, since 2001. He coordinates 
integration of several internally developed modules 
from the U.S., Poland and Russia, in addition to open- 
source components, into a single application. Matt has been develop- 
ing in Java since version 1.1 in 1997 and earned his B.S. in comput- 
er engineering from the University of California, San Diego. 

[607] Designing JUnit Test Cases for Effective Functional Testing 
Friday, Sept. 26 10:30 am - 1 1:30 am 




MARK LUSTIG 



Mark Lustig is the director of performance engineer- 
ing and quality assurance at Collaborative Consulting. 
In addition to being a hands-on performance engi- 
neer, he specializes in application and technical 
architecture for multi-tiered Internet and distributed 
systems. Prior to joining Collaborative, Mark was a 
principal consultant for CSC Consulting. 

[902] Performance-Testing 'Obnoxious' Protocols 
Friday, Sept. 26 3:30 pm - 4:30 pm 




BRIAN MASSEY 
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As product manager for IBM/Rational Software for the 
past two years, Brian Massey's role is to understand 
and be expert in the domains of functional testing and 
test management. 

Before joining Rational Software in 1999, Brian 
held positions of project lead, systems engineer, sys- 
tems architect, project engineer, software engineer and systems 
administrator. His experience has ranged from developing overall sys- 
tem architecture (hardware and software) to designing and establish- 
ing network infrastructure and analysis and design, coding and testing 
of software modules and component-based systems. 

[507] The How-To Guide for Test Management 
Friday, Sept. 26 8:45 am - 9:45 am 

[704] Optimizing Your Testing Effort With Keyword-Driven Frameworks 
Friday, Sept. 26 1 :00 pm - 2:00 pm 
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JOHN MICHELSEN 



John Michelsen is chief architect and a co-founder 
of iTKO, an automated SOA software testing compa- 
ny. He has more than 15 years of high-level enter- 
prise development experience, as a chief architect 
of development teams and as an executive in 
designing, developing and managing large-scale, 
object-oriented solutions in traditional and network architectures. 

John is the chief architect of iTKO's LISA automated testing 
product and a leading industry advocate for software quality with 
several published articles and speaking appearances at technology 
conferences under his belt. 

[907] SOA Life Cycle Quality: The Tipping Point of SOA Governance 
Friday, Sept. 26 3:30 pm - 4:30 pm 



BJ ROLLISON 
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Bj Rollison is a test architect with Microsoft's 
Engineering Excellence group, where he designs and 
develops technical training curriculum in testing 
methodologies and test automation. 

Bj has more than 1 6 years of computer industry 
experience, most of it with Microsoft. In 1996, he 
became a test manager in Microsoft's Internet Client and Consumer 
Division, responsible for shipping several client products and a Web 
server. He moved to Microsoft's Internal Technical Training group in 
1999 as the director of test training, planning and organizing train- 
ing for more than 6,000 Microsoft testers. 

[T-6] Testing Techniques: Theory and Application 
Wednesday, Sept. 24 9:00 am - 5:00 pm 

[207] Robust Testing With Stochastic Test Data 
Thursday, Sept. 25 11:15 am - 12:15 pm 

[404] Combinatorial Analysis: A Pair-Wise Testing Primer 
Thursday, Sept. 25 3:45 pm - 4:45 pm 
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Jason Rudolph is a principal at Relevance, a software 
consultancy and training organization specializing in 
Ruby, Rails, Groovy and Grails, and integrating them p 
with enterprise environments. Jason has more than \ 
nine years of experience developing software solutions 
for domestic and international clients of all sizes, 
including start-ups, Dow 30 companies, and government organizations. 
Jason is the author of "Getting Started with Grails" and speaks fre- 
quently at software conferences and user groups. He also contributes 
regularly to the open-source community, both as an early committer to 
Grails, and as a committer to the Streamlined framework. 

[906] How To Fail With 100% Test Coverage 
Friday, Sept. 26 3:30 pm - 4:30 pm 
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ROBERT SABOURIN 



Robert Sabourin has more than 25 years of manage- 
ment experience, leading teams of software develop- 
ment professionals. A well-respected member of the 
software engineering community, Robert has man- 
aged, trained, mentored and coached hundreds of top 
professionals in the field. He frequently speaks at con- 
ferences and writes on software engineering, SQA, testing, manage- 
ment and internationalization. The author of "I Am a Bug!" the pop- 
ular software testing children 's book, Robert is an adjunct professor of 
software engineering at McGill University. 

[603] To Infinity and Beyond: Extreme Boundary Testing 
Friday, Sept. 26 10:30 am - 1 1:30 am 

[701] Taking AIM— Using Visual Models for Test Case Design 
Friday, Sept. 26 1:00 pm - 2:00 pm 

[805] Deciding What Not to Test 
Friday, Sept. 26 2:15 pm - 3:15 pm 

[905] Bugs on Bugs! What Looney Tunes Taught Me About Testing 
Friday, Sept. 26 3:30 pm - 4:30 pm 




NEERAJ SANGAL 



Neeraj Sangal is president of Lattix, a company spe- 
cializing in software architecture management solu- 
tions and services. He has analyzed many large propri- 
etary and open-source systems. Prior to Lattix, Neeraj 
was president of Tendril Software, which pioneered 
model-driven EJB development and synchronized 
UML models for the Java programming language. 
Tendril was acquired by BEA/WebGain. Earlier, he managed a distrib- 
uted development organization at Hewlett-Packard. 

[803] Testing Your Software Architecture 
Friday, Sept. 26 2:15 pm - 3:15 pm 



RICHARD SHARPE 



As a director of Enerjy Software, Richard Sharpe 
consults with customers on quality issues. He has 
been involved in the Java industry for 10 years as a 
developer, consultant and manager for large compa- 
nies and small start-ups. Rich has traveled around 
Europe and the U.S. speaking at various Java user 
groups as well as Javapolis and JavaOne on subjects regarding 
Java performance issues, managing development teams and qual- 
ity and metrics initiatives. He holds a B.Sc. in computing systems 
from Nottingham Trent University, U.K. 

[903] Implementing a Quality and Metrics Process 
Friday, Sept. 26 3:30 pm - 4:30 pm 
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CHRIS SIMS 



Chris Sims is a teacher, coach, facilitator, consultant, 
coder, agile evangelist and all-around geek. He is the 
founder of the Technical Management Institute, facil- 
itator of the Bay Area Engineering Managers Support 
Group, chair of the IEEE Technical Management 
Council of Silicon Valley, and is on the board of 
BayAPLN, the Bay Area chapter of the Agile Project Leadership 
Network. 

In the past, Chris has made a living in roles such as engineering 
manager, project manager, C++ developer, bandleader, bass player 
and auto mechanic. Now, he enjoys teaching engineers how to lead 
people, projects and teams. 

[502] The Most Effective Ways to Improve Software Quality 
Friday, Sept. 26 8:45 am - 9:45 am 

[602] The Makings of a QA Leader 
Friday, Sept. 26 10:30 am - 1 1:30 am 




MEGAN SUMRELL 



Megan Sumrell is a Certified Scrum Master with 

more than 12 years of software testing experience. 

She has worked as a developer, database designer, 

quality engineer and director of QA. She has built 

QA organizations at several software companies, 

including CommerceOne and Channel Advisor. 

Currently, she is the QA architect at Valtechin Raleigh, N.C. She 

specializes in agile testing and has worked with several teams to 

help them transition from waterfall to agile practices. 

[T-l] Agile Testing Practices 
Wednesday, Sept. 24 9:00 am - 5:00 pm 

[301] Testing in an Agile Environment 
Thursday, Sept. 25 2:00 pm - 3:00 pm 




MOHIT VERMA 



Mohit Verma has been working with functional test 
tools for more than 10 years, including those from 
Mercury, Rational and Compuware. He has implement- 
ed performance testing solutions for numerous com- 
plex and high-end implementations for several corpo- 
rations. He is currently the lead software performance 
architect at Tufts Health Plan in charge of performance testing of 
enterprise applications. 

[706] Performance-Testing Non-Standard and Legacy Applications: 

Hybrid Solutions 
Friday, Sept. 26 1:00 pm - 2:00 pm 






ROBERT WALSH 



Robert Walsh is president and manager of applications 
development at EnvisionWare, which provides software 
solutions for public and academic libraries. Robert 
holds a B.S. in secondary mathematics education from 
Mississippi State University. He's largely a self-taught 
programmer, but has over nine years of professional 
programming experience, mostly with C and C++. 

In 2002, Robert was introduced to agile software development 
methodologies and began looking for ways that EnvisionWare's soft- 
ware development processes might benefit from agile techniques. He 
implemented a homegrown hybrid involving elements from Scrum and 
Extreme Programming, and continues to entertain ways to improve 
and refine the process. 



[T-l] Agile Testing Practices 
Wednesday, Sept. 24 9:00 am ■ 



5:00 pm 



[201] Test-First GUIs: The Model-View-Presenter Approach 
Thursday, Sept. 25 11:15 am - 12:15 pm 

[301] Testing in an Agile Environment 
Thursday, Sept. 25 2:00 pm - 3:00 pm 



MARY SWEENEY 



Mary Sweeney has been developing, using and testing 
relational database systems for more than 20 years 
for such companies as Boeing and Software Test 
Labs. She's the author of "Visual Basic for Testers" 
and "A Tester's Guide to .NET Programming." 

Mary is a college professor with a degree in 
mathematics and computer science from Seattle University. She's 
an MCP in SQL Server and is on the board of the International 
Institute of Software Test. 

[T-5] Automated Database Testing: Using Stored Procedures 
Wednesday, Sept. 24 9:00 am - 5:00 pm 

[101] Automated Testing in the .NET Environment: A New 

Opportunity for Test Professionals 
Thursday, Sept. 25 10:00 am - 1 1:00 am 

[403] Maximizing SQL Server 2005 Performance 
Thursday, Sept. 25 3:45 pm - 4:45 pm 




ALFRED WONG 



Alfred Wong is the performance test advisor at 
Expedia.com, a travel consumer Web site. He 
holds an M.S. degree in electrical engineering and 
has been working in the software performance 
field for more than five years. He has worked on 
large-scale desktop and Web applications and has 
experience in software design and development, test manage- 
ment, resource planning and scheduling, managing outsourced 
projects, guiding performance certification processes, technical 
consulting, performance tuning and capacity planning. 

[508] End-to-End Performance Process: From Requirements to 

Production Monitoring 
Friday, Sept. 26 8:45 am - 9:45 am 

[608] Performance Bugs and Investigation Strategies 
Friday, Sept. 26 10:30 am - 1 1:30 am 
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Boston Marriott 
Copley Place 
no Huntington Avenue 
Boston, MA 02116 USA 
Phone: +1-617-236-5800 
Fax: +1-617-236-5885 



You can also access the hotel site directly at www.copleymarriott 
.com. After entering your arrival/departure dates, you'll see a field 
for a group code. Please enter BZMBZMA to receive the discount- 
ed rate. 

Reservations must be made by Friday, August 29, 2008. This rate 
is available from Sunday, September 21 through Saturday, 
September 27. 



Hotel Highlights 

• The Boston Marriott Copley Place has a smoke-free policy. 

• This Back Bay hotel is near Boston Common and area shops, businesses and sporting facilities. 

• The hotel is also near Boston Logan Airport, 1-90, 1-93 and the Back Bay subway and 
train stations. 

• Three restaurants, valet parking, car rental desk and tour desk are just some of the hotel's 
features. 

Parking 

• On-site parking, fee: US$34 daily 

• Valet parking, fee: US$42 daily 

• Off-site parking; contact hotel for details 

Directions from Airport 

Boston's Logan International Airport (BOS) 

• +1-800-235-6426 

• Hotel direction: 4.0 mi West 

• Driving Directions from Logan: Follow signs for Boston/Sumner tunnel. Pay the toll and stay in 
the right lane in the tunnel. Follow signs for Exit 26/Storrow Drive. After you emerge from the 
tunnel, take the second left exit to Copley Square/Back Bay. At the first light, turn right onto 
Beacon St. Follow Beacon St. for 4 blocks and make a left on to Exeter St. After 5 lights, Exeter 
St. ends at Huntington Ave. Turn right onto Huntington Ave. At the first light, under the sky 
bridge, make a U-turn to the left. The hotel entrance is on your immediate right. 

• Alternate Transportation from Logan: 

• Boston Hotels Shuttle 

• Subway service, fee: US$2 (one way) 

• Estimated taxi fare: US$30 (one way) 

The Marriott does not provide shuttle service. 






Other Transportation 

• Bus service, South Station (1.2 mi) 

• Subway service, Back Bay Station (.5 mi) 

• Train service, Back Bay Station (.5 mi) 



www. stpcon. com 
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CONFEREi 



Software Test fi Performance 



TUESDAY 
Sept. 23 


WEDNESDAY 
Sept. 24 


THURSDAY 

Sept. 25 


REGISTRATION OPEN 
4:00 pm -7:00 pm 


REGISTRATION OPEN 
8:00 am - 7:00 pm 


REGISTRATION OPEN 8:00 am - 7:00 pm 




HANDS-ON TOOL SHOWCASE 

6:00 pm -8:00 pm 


KEYNOTE 8:45 am - 9:45 am JAMES BACH 




EXHIBIT HALL OPEN 3:00 pm - 7:00 pm ATTENDEE RECEPTION 5:00 pm - 7:00 pm 






TECHNICAL CLASSES 




9:00 am - 5:00 pm 


10:00 am -11:00 am 


11:15 am -12:15 pm 


2:00 pm -3:00 pm 


3:45 pm - 4:45 pm 


Don't 

Miss 

These 


T-1 


Agile Testing 
Practices - 
Sumrell/Walsh 


101 


Automated 
Testing in the .NET 
Environment: A 
New Opportunity 
for Test Profes- 
sionals - Sweeney 


201 


Test-First GUIs: The 
Model-View- 
Presenter Approach 
- Walsh 


301 


Testing in an Agile 
Environment 
- Sumrell/Walsh 


401 


Help Your Boss Avoid 
Being an Idiot 
-Goldsmith 


Special 
Events! 


T-2 


Measuring & 
Improving Your 
Test Processes 
- Goldsmith 


102 


Agile Test 
Development 
- Buwalda 


202 


The 5% Challenges 
of Test Automation 
- Buwalda 


302 


Building a Software 
Testing Strategy 
-Johnson 


402 


Explaining Testing to 
Them' - Bach 


Wed., Sept. 24 
5:00 pm-6:00 pm 
LIGHTNING TALKS 


T-3 


SQL for Testers 
Johnson 


103 


Software Perform- 
ance Engineering, 
Part 1 : Software 
Execution 
Modules- Louth 


203 


Software Perform- 
ance Engineering, 
Part 2: System 
Execution Modules 
- Louth 


303 


Performance Testing 
for Managers 
- Barber 


403 


Maximizing SQL 
Server 2005 Perform- 
ance - Sweeney 


Wed., Sept. 24 
6:00 pm-8:00 pm 
HANDS-ON TOOL 
SHOWCASE 


T-4 


Creating & Leading 
the High- 
Performance Test 
Organization 
- Galen 


104 


Overcoming 
Requirements- 
Based Testing's 
Hidden Pitfalls 
- Goldsmith 


204 


Designing 
Performance Tests 
Heuristically & 
Visually- Barber 


304 


Software Endgames: 
How to Finish What 
You've Started 
- Galen 


404 


Combinatorial 
Analysis: A Pair-Wise 
Testing Primer 
- Rollison 


Thurs., Sept. 25 
8:45 am-9:45 am 
OPENING KEYNOTE 


T-5 


Automated Dbase 
Testing: Using 
Stored Procedures 
- Sweeney 


105 


Web 2.0 & 
Security -Allan 


205 


How to Test the 

Untestable 

-Goldsmith 


305 


Fixing Memory Leaks 
& Other Defects 
- Gottbrath 


405 


Turn Your Test Team 
Into a High-Perform- 
ance Organization 
- Hackett 


Thurs., Sept. 25 
5:00 pm-7:00 pm 
ATTENDEE 
RECEPTION IN 


T-6 


Testing 
Techniques: 
Theory & 
Application 
- Rollison 


106 


Performance 
Testing, Core 
Principles -Barber 


206 


Effectively Training 
Your Offshore Test 
Team - Hackett 


306 


Test Strategy on a 
Whiteboard - Bach 


406 


Measure Quality on 
the Way In, Not Just 
on the Way Out 
-Fish 


EXHIBIT HALL 

Fri., Sept. 26 
12:00 pm-1:00 pm 
STPCON PRIZE 
PATROL IN 
EXHIBIT HALL 


T-7 


Delivering Test 
Automation 
Success Through 
People, Methods 
& Tools 
- Buwalda 


107 


Security Fix 
Validation & 
Security Bug Use- 
Case Testing 
During QA Using 
Browser Auto- 
mation Technology 
- Ewe 


207 


Robust Testing 
With Stochastic 
Test Data 
- Rollison 


307 


Exploratory Testing: 
Not Just Parlor 
Tricks? - Goldsmith 


407 


What You Must Know 
to Demystify Ant 
Build Scripts - Gabor 




T-8 


Programming 
Concepts for the 
Test Professional 
- Korson 


108 


Java Profiling in a 

Performance 

Assurance Life 

Cycle 

- Karthikeyan 


208 


Common Mistakes 
When Securing 
Web Applications 
- Ewe 


308 


Virtualization: 
Moving to a Truly 
Virtual QA Lab 
- Knox 


408 


Five Major Application 
Security Vulnerabil- 
ities-Allan 
















309 


Modular Test Case 
Design: The Building 
Blocks for Reusable 
& Maintainable 
Tests - Dang 
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register at www.stpcon.com 



Conference Planner • Fall 2008 



FRIDAY 

SEPT. 26 

REGISTRATION OPEN 8:00 am -4:00 pm 
EXHIBIT HALL OPEN 9:30 am - 1:15 pm 

TECHNICAL CLASSES 



ar's 
list * Early! \ 



8:45 am - 9:45 am 


10:30 am -11:30 am 


1:00 pm -2:00 pm 


2:15 pm -3:15 pm 


3:30 pm - 4:30 pm 


501 


Agile Testing Within 
Scrum - Galen 


601 


Testing in the Enterprise 
Using Scrum- Galen 


701 


Taking AIM— Using 
Visual Models for Test 
Case Design -Sabourin 


801 


Implementing 
Automated Software 
Testing, Part 1 
- Bindas 


901 


Implementing 
Automated Software 
Testing, Part 2 
- Bindas 


502 


The Most Effective 
Ways to Improve 
Software Quality 
-Sims 


602 


The Makings of a QA 
Leader -Sims 


702 


A Buzz About Fuzz: An 
Approach to Finding 
Software Vulnerabilities 
- Basirico 


802 




902 


Performance-Testing 
'Obnoxious' Protocols 
- Lustig 


503 


The Magic Bullet of 
Test Automation Is Not 
'Record and Playback' 
-Cook 


603 


To Infinity & Beyond: 
Extreme Boundary 
Testing - Sabourin 


703 


Team Techniques for 
Influencing Upstream 
Decisions - Feldstein 


803 


Testing Your Software 
Architecture -Sangal 


903 


Implementing a Quality 
& Metrics Process 
- Sharpe 


504 


Load Testing With 

OpenSTA 

- Downing 


604 


Models for Security 
Testing in the Software 
Development Life Cycle 
-Berg 


704 


Optimizing Your Testing 
Effort With Keyword- 
Driven Testing 
Frameworks - Massey 


804 


Effective Metrics for 
Managing a Test Effort 
- Bradshaw 


904 


How to Break Web 
Software - Basirico 


505 


I Went to This 
Conference & All 
They Talked About 
Was Requirements 
-Goldsmith 


605 


Balancing Test to Break, 
Test to Validate & 
Metrics - Feldstein 


705 


Metrics: How to Track 
Things That Matter 
- Chaney 


805 


Deciding What Not to 
Test - Sabourin 


905 


Bugs on Bugs! What 
Looney Tunes Taught 
Me About Testing 
- Sabourin 


506 


Model-Based Testing 
for Java & Web- 
Based GUI Applica- 
tions - Feldstein 


606 


Software Process 
Improvement's Dirty 
Little Secret - Goldsmith 


706 


Performance-Testing 
Non-Standard & Legacy 
Applications: Hybrid 
Solutions- Verma 


806 


Quality Throughout the 
Software Life Cycle 
- Feldstein 


906 


How to Fail With 100% 
Test Coverage 
-Rudolph 


507 


The How-To Guide for 
Test Management 
- Massey 


607 


Designing JUnitTest 
Cases for Effective 
Functional Testing 
-Love 


707 


Java EE Performance- 
Tuning Methodologies 
- Haines 


807 


Software Reviews: If 
They're So Great, Why 
Isn't Everyone Using 
Them? - Chaney 


907 


SOA Life Cycle Quality: 
The Tipping Point of 
SOA Governance 
- Michelsen 


508 


End-to-End 
Performance Process: 
From Requirements to 
Production Monitoring 
-Wong 


608 


Performance Bugs and 
Investigation Strategies 
-Wong 


708 


Using Virtualization to 
Manage Globally 
Distributed Testing - 
Gupta 


808 


Best Practices in Java 
Environment 
Performance Testing 
- Haines 


908 


Testing Visibly 
- Kapfhammer 























www. stpcon. com 
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iKLirauiinKilTO 

REGISTER EARLY AND SAVE! 



Software Te 
& Performance 

DUNEEREi 




eXtreme Early Bird 


Super Early Bird 


Early Bird 




Register By 


By July 3 


By Aug. 1 


By Sept. 5 


After Sept. 5 


Full Event Passport 


$1,155 


$1,295 


$1,395 


$1,695 


Two-Day Technical Conference Only 
September 25-26 


$955 


$1,055 


$1,095 


$1,365 


One-Day Tutorials Only 
Wednesday, September 24 


$725 


$825 


$895 


$965 


One-Day Technical Conference Only 
Thursday, September 25 


$725 


$825 


$895 


$895 


One-Day Technical Conference Only 
Friday, September 26 


$725 


$825 


$895 


$895 


Exhibit Hall Only 

All prices are in US dollars 


FREE 


FREE 


FREE 


$50 on Thurs. 
FREE on Fri. 



REGISTER ONLINE TODAY at www.stpcon.com 



REGISTRATION INCLUSIONS: 

Full Event Passport Registration Includes: 

• Admission to tutorials and technical classes (Please make your class 
selections when registering) 

• Admission to keynote 

• Admission to Exhibit Hall and Attendee Reception 

• Admission to Lightning Talks and Hands-On Tool Showcase 

• Conference materials, including CD ROM of all presentations available 

• Continental breakfast, coffee breaks and lunch, where indicated 

Two-Day Technical Conference Only Registration Includes: 

• Admission to technical classes (Please make your class selections 
when registering) 

• Admission to keynote 

• Admission to Exhibit Hall and Attendee Reception 

• Conference materials, including CD ROM of all presentations available 

• Continental breakfast, coffee breaks and lunch, where indicated 

One-Day Tutorials Only Registration Includes: 

• Admission to tutorials (Please make your class selection when 
registering) 

• Admission to Lightning Talks and Hands-On Tool Showcase 

• Conference materials, including CD ROM of all presentations available 

• Continental breakfast, coffee breaks and lunch, where indicated 

Exhibit Hall Only Registration Includes: 

• Admission to Exhibit Hall 

• Admission to Attendee Reception 

HOW TO REGISTER: 

Register online at www.stpcon.com and use one of the following payment 
methods: 

• Credit Card. You can use the secure online form to pay via credit card 
and get immediate confirmation of your classes. MasterCard, Visa 
and American Express are accepted. You'll receive a REGISTRATION 
RECORD and RECEIPT. Please print out these pages and bring them 
with you to the Conference. Present them at the Registration Desk to 



pick up your badge and any course materials. 

• Check. Fill out the online registration form. Print out the REGISTRA- 
TION RECORD and RECEIPT and mail to BZ Media LLC, 7 High 
Street, Suite 407, Huntington, NY 11743, with your payment. 
Online registrations that are mailed without payment will not be con- 
firmed until payment is received. 

• Purchase Order. If you register using a P.O., you'll be invoiced imme- 
diately for the registration amount. Payment must be received before 
your registration can be confirmed. 

SPECIAL DISCOUNTS: 

You may combine one of these special discounts with the Early 
Registration pricing to save even more! 

• Group. Get an addition $100 off per person if you register 4 or more 
people from one company for the Full Event Passport. Use code 
GROUP in the discount code field. 

• Government. Federal, State and Local Government employees can 
receive an additional $100 off the Full Event Passport. Enter code 
GOV in discount code field. 

• Alumni. Have you attended any of BZ Media's previous Software Test 
& Performance Conferences? If so, you're eligible for a $100 alum- 
ni discount on a Full Event Passport. Enter the code ALUMNI in the 
discount code field. 

• User Groups. Contact Donna Esposito, desposito@bzmedia.com, to 
see if your group is eligible for a discount. 

CANCELLATION & REFUND POLICY: 

You can receive a full refund, less a $50 registration fee, for cancella- 
tions made by Friday, August 15, 2008. Cancellations after this date 
are non-refundable. Send your cancellation in writing to 
registration@bzmedia.com. Registrations may be transferred to anoth- 
er person. 

QUESTIONS: 

Contact Donna Esposito, Conference Director, at desposito@bzmedia 
.com or +1-415-785-3419. 



Software Test 
& Performance 

CONFERENCE 



BZ Media LLC 

7 High Street 

Suite 407 

Huntington, NY 11743 



